Analysis Report BitTorrent.exe

Overview

General Information

Sample Name: BitTorrent.exe
Analysis ID: 337783
MD5: 4e9b4526b63778c81d4b83b26cc5c93e
SHA1: c7331436cfc402118212205f1428737f72087d07
SHA256: ae2383eeac97ca7bb8454be49a392538d9f1f53f8512e0328b0d551ae5bbe393

Errors
  • Sigma syntax error: Has an empty selector, Rule: Abusing Azure Browser SSO

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Installs Task Scheduler Managed Wrapper
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Is looking for software installed on the system
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • BitTorrent.exe (PID: 5608 cmdline: 'C:\Users\user\Desktop\BitTorrent.exe' MD5: 4E9B4526B63778C81D4B83B26CC5C93E)
    • installer.exe (PID: 5484 cmdline: .\installer.exe MD5: F6D8E4BD66542159EA410117FA31717C)
      • GenericSetup.exe (PID: 464 cmdline: 'C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe' C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe MD5: AEA3BF7F054564889ED5FAFAE481D1B7)
        • Carrier.exe (PID: 6192 cmdline: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe MD5: 9F65E9BF390B1B9E714A2759BB995EBD)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: BitTorrent.exe Virustotal: Detection: 24%
Source: BitTorrent.exe ReversingLabs: Detection: 19%
Source: 3.2.Carrier.exe.400000.0.unpack Avira: Label: TR/Crypt.ULPM.Gen
Source: 3.0.Carrier.exe.400000.0.unpack Avira: Label: TR/Crypt.ULPM.Gen
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_002E74C0 CryptAcquireContextW,___std_exception_copy,CryptCreateHash,___std_exception_copy,CryptHashData,___std_exception_copy,CryptGetHashParam
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_002EEF70 CryptReleaseContext,CryptDestroyHash
Source: BitTorrent.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\2021.01.10_14.03.38.868334_installer_pid=5484.txt
Source: BitTorrent.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 104.18.87.101:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.16.235.79:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DynActsBLL\obj\Release\DynActsBLL.pdb source: DynActsBLL.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\GenericSetup\obj\Release\GenericSetup.pdb source: GenericSetup.exe, GenericSetup.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\BT002\obj\Release\BT002.pdb source: GenericSetup.exe, GenericSetup.exe.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\GenericSetup\obj\Release\GenericSetup.pdb$ source: GenericSetup.exe, 00000002.00000002.590656730.0000000004B92000.00000002.00020000.sdmp, GenericSetup.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\uTorrent\obj\Release\uTorrent.pdbS:m: _:_CorDllMainmscoree.dll source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.590604060.0000000004B72000.00000002.00020000.sdmp, uTorrent.dll.0.dr
Source: Binary string: F:\Projetos\MyDownloader\MyDownloader\MyDownloader.Core\obj\Debug\MyDownloader.Core.pdb source: GenericSetup.exe, 00000002.00000002.595212596.0000000009DD2000.00000002.00020000.sdmp, MyDownloader.Core.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\OfferServiceBLL\obj\Release\OfferServiceBLL.pdb source: GenericSetup.exe, 00000002.00000002.591156941.0000000005062000.00000002.00020000.sdmp, OfferServiceBLL.dll.0.dr
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: Microsoft.Win32.TaskScheduler.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DevLib.Services\obj\Release\DevLib.Services.pdb source: GenericSetup.exe, 00000002.00000002.592289458.00000000059E2000.00000002.00020000.sdmp, DevLib.Services.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DynActsBLL\obj\Release\DynActsBLL.pdb"2<2 .2_CorDllMainmscoree.dll source: DynActsBLL.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DevLib\obj\Release\DevLib.pdb source: GenericSetup.exe, DevLib.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\Shared\obj\Release\Shared.pdb source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.591075759.0000000005022000.00000002.00020000.sdmp, Shared.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\uTorrent\obj\Release\uTorrent.pdb source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, uTorrent.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdb source: GenericSetup.exe, 00000002.00000002.592604062.0000000005AA2000.00000002.00020000.sdmp, Newtonsoft.Json.dll.0.dr
Source: Binary string: E:\Installer\Build\installer.pdb source: installer.exe, 00000001.00000000.211488057.0000000000418000.00000002.00020000.sdmp, installer.exe.0.dr
Source: Binary string: C:\pveliz\poc\sciter.src.4.2.6.9\sdk\bin\32\sciter.dll.pdb source: GenericSetup.exe, 00000002.00000002.598327057.000000006ABF2000.00000002.00020000.sdmp, sciter32.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\BT002\obj\Release\BT002.pdbL)f) X)_CorExeMainmscoree.dll source: GenericSetup.exe, 00000002.00000002.579210628.00000000003A2000.00000002.00020000.sdmp, GenericSetup.exe.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\H2OSciter\obj\Release\H2OSciter.pdb source: H2OSciter.dll.0.dr
Source: Binary string: C:\Users\Jonathan\source\repos\HtmlAgilityPack\HtmlAgilityPack.Net35\obj\Release\HtmlAgilityPack.pdb source: GenericSetup.exe, 00000002.00000002.597278541.000000000C762000.00000002.00020000.sdmp, HtmlAgilityPack.dll.0.dr
Source: Binary string: F:\Projetos\MyDownloader\MyDownloader\MyDownloader.Extension\obj\Debug\MyDownloader.Extension.pdb source: GenericSetup.exe, 00000002.00000002.595119153.0000000009DA2000.00000002.00020000.sdmp, MyDownloader.Extension.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdbSHA256/ source: GenericSetup.exe, 00000002.00000002.592604062.0000000005AA2000.00000002.00020000.sdmp, Newtonsoft.Json.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\OfferServiceSDK\obj\Release\OfferServiceSDK.pdb source: GenericSetup.exe, 00000002.00000002.595090690.0000000009D92000.00000002.00020000.sdmp, OfferServiceSDK.dll.0.dr
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_00405434 FindFirstFileA,FindFirstFileW
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00374C10 FindFirstFileW,GetLastError,GetLastError,GetLastError,GetLastError
Source: global traffic HTTP traffic detected: POST /v1/event-stat?ProductID=IS&Type=StubBundleStart HTTP/1.1
  Host: flow.lavasoft.com
  Accept: application/json
  Content-Type: application/json
  charsets: utf-8
  Content-Length: 151
  Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d","InProcess":"true"}}
Source: global traffic HTTP traffic detected: POST /v1/event-stat?ProductID=IS&Type=StubPreUAC HTTP/1.1
  Host: flow.lavasoft.com
  Accept: application/json
  Content-Type: application/json
  charsets: utf-8
  Content-Length: 132
  Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d"}}
Source: global traffic HTTP traffic detected: POST /v1/event-stat?ProductID=IS&Type=StubPostUAC HTTP/1.1
  Host: flow.lavasoft.com
  Accept: application/json
  Content-Type: application/json
  charsets: utf-8
  Content-Length: 152
  Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d","Message":"UAC-Yes"}}
Source: Joe Sandbox View IP Address: 104.16.235.79
Source: Joe Sandbox View IP Address: 104.18.87.101
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: GenericSetup.exe, 00000002.00000002.595119153.0000000009DA2000.00000002.00020000.sdmp, MyDownloader.Extension.dll.0.dr String found in binary or memory: label9kURL (e.g: http://www.youtube.com/watch?v=AdPWWDkKS8s) equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: flow.lavasoft.com
Source: unknown HTTP traffic detected: POST /v1/event-stat?ProductID=IS&Type=StubBundleStart HTTP/1.1
  Host: flow.lavasoft.com
  Accept: application/json
  Content-Type: application/json
  charsets: utf-8
  Content-Length: 151
  Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d","InProcess":"true"}}
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownHTTPS traffic detected: 104.18.87.101:443 -> 192.168.2.3:49712 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.235.79:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: GenericSetup.exe, 00000002.00000002.580818284.0000000000ACB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exeCode function: 1_2_00375BF0: CreateFileW,DeviceIoControl,CloseHandle,1_2_00375BF0
Source: BitTorrent.exe, 00000000.00000002.581326649.00000000021F0000.00000002.00000001.sdmp Binary or memory string: OriginalFilenameuser32j% vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: ShowAfter:{0},InstallLast:{1},OriginalFilename:{2},EmailOfferPage:{3} vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameShared.dll. vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameuTorrent.dll4 vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: <OriginalFilename>k__BackingField vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: get_OriginalFilename vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: set_OriginalFilename vs BitTorrent.exe
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp Binary or memory string: GetOriginalFilename vs BitTorrent.exe
Source: BitTorrent.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: GenericSetup.exe, 00000002.00000002.597278541.000000000C762000.00000002.00020000.sdmp, HtmlAgilityPack.dll.0.dr Binary or memory string: .sln
Source: GenericSetup.exe, 00000002.00000002.597278541.000000000C762000.00000002.00020000.sdmp, HtmlAgilityPack.dll.0.dr Binary or memory string: .csproj.css
Source: GenericSetup.exe, 00000002.00000002.597278541.000000000C762000.00000002.00020000.sdmp, HtmlAgilityPack.dll.0.dr Binary or memory string: .vbproj.vbs
Source: classification engine Classification label: mal68.evad.winEXE@7/46@4/2
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00306CE0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,Process32NextW,CloseHandle,1_2_00306CE0
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_002E6800 CoCreateInstance,CoSetProxyBlanket,1_2_002E6800
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Mutant created: \Sessions\1\BaseNamedObjects\GenericSetupBitTorrent
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Mutant created: \Sessions\1\BaseNamedObjects\GenericSetupInstaller_BT002
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89
Source: BitTorrent.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\BitTorrent.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: BitTorrent.exe Virustotal: Detection: 24%
Source: BitTorrent.exe ReversingLabs: Detection: 19%
Source: GenericSetup.exe String found in binary or memory: Resources/InstallingPage.html
Source: GenericSetup.exe String found in binary or memory: Resources/OfferPage.html or Resources/InstallingPage.html do not exist.
Source: C:\Users\user\Desktop\BitTorrent.exe File read: C:\Users\user\Desktop\BitTorrent.exe
Source: unknown Process created: C:\Users\user\Desktop\BitTorrent.exe 'C:\Users\user\Desktop\BitTorrent.exe'
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe .\installer.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe 'C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe' C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
Source: C:\Users\user\Desktop\BitTorrent.exe Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe .\installer.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe 'C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe' C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: BitTorrent.exe Static PE information: certificate valid
Source: BitTorrent.exe Static file information: File size 4898768 > 1048576
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DynActsBLL\obj\Release\DynActsBLL.pdb source: DynActsBLL.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\GenericSetup\obj\Release\GenericSetup.pdb source: GenericSetup.exe, GenericSetup.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\BT002\obj\Release\BT002.pdb source: GenericSetup.exe, GenericSetup.exe.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\GenericSetup\obj\Release\GenericSetup.pdb$ source: GenericSetup.exe, 00000002.00000002.590656730.0000000004B92000.00000002.00020000.sdmp, GenericSetup.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\uTorrent\obj\Release\uTorrent.pdbS:m: _:_CorDllMainmscoree.dll source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.590604060.0000000004B72000.00000002.00020000.sdmp, uTorrent.dll.0.dr
Source: Binary string: F:\Projetos\MyDownloader\MyDownloader\MyDownloader.Core\obj\Debug\MyDownloader.Core.pdb source: GenericSetup.exe, 00000002.00000002.595212596.0000000009DD2000.00000002.00020000.sdmp, MyDownloader.Core.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\OfferServiceBLL\obj\Release\OfferServiceBLL.pdb source: GenericSetup.exe, 00000002.00000002.591156941.0000000005062000.00000002.00020000.sdmp, OfferServiceBLL.dll.0.dr
Source: Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: Microsoft.Win32.TaskScheduler.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DevLib.Services\obj\Release\DevLib.Services.pdb source: GenericSetup.exe, 00000002.00000002.592289458.00000000059E2000.00000002.00020000.sdmp, DevLib.Services.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DynActsBLL\obj\Release\DynActsBLL.pdb"2<2 .2_CorDllMainmscoree.dll source: DynActsBLL.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\DevLib\obj\Release\DevLib.pdb source: GenericSetup.exe, DevLib.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\Shared\obj\Release\Shared.pdb source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.591075759.0000000005022000.00000002.00020000.sdmp, Shared.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\uTorrent\obj\Release\uTorrent.pdb source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, uTorrent.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdb source: GenericSetup.exe, 00000002.00000002.592604062.0000000005AA2000.00000002.00020000.sdmp, Newtonsoft.Json.dll.0.dr
Source: Binary string: E:\Installer\Build\installer.pdb source: installer.exe, 00000001.00000000.211488057.0000000000418000.00000002.00020000.sdmp, installer.exe.0.dr
Source: Binary string: C:\pveliz\poc\sciter.src.4.2.6.9\sdk\bin\32\sciter.dll.pdb source: GenericSetup.exe, 00000002.00000002.598327057.000000006ABF2000.00000002.00020000.sdmp, sciter32.dll.0.dr
Source: Binary string: E:\Installer\Source\h2o-partner\h2o-partner\BundleConfig\BT002\obj\Release\BT002.pdbL)f) X)_CorExeMainmscoree.dll source: GenericSetup.exe, 00000002.00000002.579210628.00000000003A2000.00000002.00020000.sdmp, GenericSetup.exe.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\H2OSciter\obj\Release\H2OSciter.pdb source: H2OSciter.dll.0.dr
Source: Binary string: C:\Users\Jonathan\source\repos\HtmlAgilityPack\HtmlAgilityPack.Net35\obj\Release\HtmlAgilityPack.pdb source: GenericSetup.exe, 00000002.00000002.597278541.000000000C762000.00000002.00020000.sdmp, HtmlAgilityPack.dll.0.dr
Source: Binary string: F:\Projetos\MyDownloader\MyDownloader\MyDownloader.Extension\obj\Debug\MyDownloader.Extension.pdb source: GenericSetup.exe, 00000002.00000002.595119153.0000000009DA2000.00000002.00020000.sdmp, MyDownloader.Extension.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net35/Newtonsoft.Json.pdbSHA256/ source: GenericSetup.exe, 00000002.00000002.592604062.0000000005AA2000.00000002.00020000.sdmp, Newtonsoft.Json.dll.0.dr
Source: Binary string: C:\SourceCode\git\h2o-core\h2o-core\OfferServiceSDK\obj\Release\OfferServiceSDK.pdb source: GenericSetup.exe, 00000002.00000002.595090690.0000000009D92000.00000002.00020000.sdmp, OfferServiceSDK.dll.0.dr
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004180F0
Source: BitTorrent.exe Static PE information: section name: .sxdata
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_00411130 push ecx; mov dword ptr [esp], ecx 0_2_00411131
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_00413724 push eax; ret 0_2_00413742
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_00413A90 push eax; ret 0_2_00413ABE
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00373723 push ecx; ret 1_2_00373736
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00373D06 push ecx; ret 1_2_00373D19
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.Services.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceBLL.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\pt\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\es\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\en\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\ru\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\H2OSciter.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceSDK.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Microsoft.Win32.TaskScheduler.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DynActsBLL.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\sciter32.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\fr\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\de\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\HtmlAgilityPack.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Extension.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Core.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Shared.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\uTorrent.dll
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\it\DevLib.resources.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\2021.01.10_14.03.38.868334_installer_pid=5484.txt

Boot Survival:

Installs Task Scheduler Managed Wrapper
Source: C:\Users\user\Desktop\BitTorrent.exe File created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Microsoft.Win32.TaskScheduler.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Window / User API: threadDelayed 866
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.Services.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceBLL.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\pt\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\en\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Shared.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\es\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\ru\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\uTorrent.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\H2OSciter.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Newtonsoft.Json.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\it\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceSDK.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Microsoft.Win32.TaskScheduler.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DynActsBLL.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\fr\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\de\DevLib.resources.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\HtmlAgilityPack.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Extension.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.dll
Source: C:\Users\user\Desktop\BitTorrent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Core.dll
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Registry key enumerated: More than 440 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_00405434 FindFirstFileA,FindFirstFileW,0_2_00405434
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00374C10 FindFirstFileW,GetLastError,GetLastError,GetLastError,GetLastError,1_2_00374C10
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00328210 GetVersionExW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,GetModuleHandleW,GetProcAddress,GetSystemMetrics,1_2_00328210
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.591075759.0000000005022000.00000002.00020000.sdmp, Shared.dll.0.dr Binary or memory string: <VirtualMachine>k__BackingField
Source: Shared.dll.0.dr Binary or memory string: vmware
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, Shared.dll.0.dr Binary or memory string: get_IsVirtualMachine
Source: GenericSetup.exe, 00000002.00000002.592289458.00000000059E2000.00000002.00020000.sdmp, DevLib.Services.dll.0.dr Binary or memory string: <VirtualMachine>j__TPar
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.591075759.0000000005022000.00000002.00020000.sdmp, Shared.dll.0.dr Binary or memory string: set_VirtualMachine
Source: GenericSetup.exe, 00000002.00000002.592031091.0000000005966000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
Source: GenericSetup.exe, 00000002.00000002.592289458.00000000059E2000.00000002.00020000.sdmp, DevLib.Services.dll.0.dr Binary or memory string: <VirtualMachine>i__Field
Source: GenericSetup.exe, DevLib.dll.0.dr Binary or memory string: <IsVirtualMachine>k__BackingField
Source: GenericSetup.exe, 00000002.00000002.592289458.00000000059E2000.00000002.00020000.sdmp, DevLib.Services.dll.0.dr Binary or memory string: _isVirtualMachine
Source: GenericSetup.exe, 00000002.00000002.592289458.00000000059E2000.00000002.00020000.sdmp, DevLib.Services.dll.0.dr Binary or memory string: S{{ InstallId = {0}, MachineId = {1}, BundleId = {2}, BundleType = {3}, DeliveryMethod = {4}, BundleVersion = {5}, PartnerVersion = {6}, CarrierId = {7}, CarrierCompanyName = {8}, CarrierSoftwareName = {9}, CarrierSoftwareVersion = {10}, OsVersion = {11}, OsLanguage = {12}, OsBit = {13}, AgeOfOS = {14}, DotNetFramework = {15}, HostBrowserInfo = {16}, DefaultBrowserFamily = {17}, DefaultBrowserVersion = {18}, AntivirusInfo = {19}, CarrierOsBit = {20}, DeltaMs = {21}, CommandLine = {22}, VirtualMachine = {23}, MessageId = {24}, DownloadDate = {25} }}
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.591075759.0000000005022000.00000002.00020000.sdmp, Shared.dll.0.dr Binary or memory string: get_VirtualMachine
Source: GenericSetup.exe, 00000002.00000002.587171951.0000000002B1A000.00000004.00000001.sdmp Binary or memory string: sBit":"AnyCPU","DeltaMs":1336,"CommandLine":"C:\\Users\\USERFOLDER\\AppData\\Local\\Temp\\7zS8E59FB89\\GenericSetup.exe","VirtualMachine":false,"MessageId":"","DownloadDate":"2021-01-10T22:03:35.36835Z"}}
Source: BitTorrent.exe, 00000000.00000003.210175233.0000000002250000.00000004.00000001.sdmp, GenericSetup.exe, Shared.dll.0.dr Binary or memory string: set_IsVirtualMachine
Source: GenericSetup.exe, 00000002.00000002.585832546.00000000029F1000.00000004.00000001.sdmp Binary or memory string: VirtualMachine
Source: C:\Users\user\Desktop\BitTorrent.exe API call chain: ExitProcess graph end node graph_0-16346
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_003E01A7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_003E01A7
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_004180F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_004180F0
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_003F0822 mov eax, dword ptr fs:[00000030h] 1_2_003F0822
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_0030C8D0 CreateMutexW,GetLastError,std::locale::_Init,std::locale::_Init,std::locale::_Init,GetProcessHeap,HeapFree,MessageBoxW,1_2_0030C8D0
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_0041561A SetUnhandledExceptionFilter,0_2_0041561A
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_0041562C SetUnhandledExceptionFilter,0_2_0041562C
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_003E01A7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_003E01A7
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_00372FCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00372FCA
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe 'C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe' C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Process created: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_0030ADA0 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLastError,GlobalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,LookupAccountSidW,1_2_0030ADA0
Source: BitTorrent.exe, 00000000.00000002.580610839.0000000000C60000.00000002.00000001.sdmp, installer.exe, 00000001.00000002.583887518.0000000001180000.00000002.00000001.sdmp, GenericSetup.exe, 00000002.00000002.582980358.00000000011A0000.00000002.00000001.sdmp Binary or memory string: Program Manager
Source: BitTorrent.exe, 00000000.00000002.580610839.0000000000C60000.00000002.00000001.sdmp, installer.exe, 00000001.00000002.583887518.0000000001180000.00000002.00000001.sdmp, GenericSetup.exe, 00000002.00000002.591075759.0000000005022000.00000002.00020000.sdmp, Shared.dll.0.dr Binary or memory string: Shell_TrayWnd
Source: BitTorrent.exe, 00000000.00000002.580610839.0000000000C60000.00000002.00000001.sdmp, installer.exe, 00000001.00000002.583887518.0000000001180000.00000002.00000001.sdmp, GenericSetup.exe, 00000002.00000002.582980358.00000000011A0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: BitTorrent.exe, 00000000.00000002.580610839.0000000000C60000.00000002.00000001.sdmp, installer.exe, 00000001.00000002.583887518.0000000001180000.00000002.00000001.sdmp, GenericSetup.exe, 00000002.00000002.582980358.00000000011A0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_0037390F cpuid 1_2_0037390F
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: GetLocaleInfoEx,GetLocaleInfoW,1_2_0036D4F0
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: ___crtGetLocaleInfoEx,1_2_0036D6A6
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,1_2_00400093
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: EnumSystemLocalesW,1_2_00400356
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: EnumSystemLocalesW,1_2_0040030B
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: EnumSystemLocalesW,1_2_004003F1
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: EnumSystemLocalesW,1_2_003F9725
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_004007F7
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_004009CB
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: GetLocaleInfoW,1_2_003F9C71
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\uTorrent.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\H2OSciter.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Shared.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceBLL.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.Services.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Newtonsoft.Json.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\en\DevLib.resources.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Extension.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Core.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceSDK.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\HtmlAgilityPack.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_002F6E40 GetSystemTimeAsFileTime,__aulldiv,__aulldiv,1_2_002F6E40
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe Code function: 1_2_003F8C1D _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,1_2_003F8C1D
Source: C:\Users\user\Desktop\BitTorrent.exe Code function: 0_2_004148D4 EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,0_2_004148D4
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation 431 | Scheduled Task/Job 1 | Process Injection 12 | Virtualization/Sandbox Evasion 33 | Input Capture 1 | System Time Discovery 2 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Command and Scripting Interpreter 2 | Boot or Logon Initialization Scripts | Scheduled Task/Job 1 | Disable or Modify Tools 1 | LSASS Memory | Security Software Discovery 361 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Scheduled Task/Job 1 | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Virtualization/Sandbox Evasion 33 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | Native API 1 | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information 1 | NTDS | Process Discovery 13 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 2 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 1 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 256 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

Behavior Graph

[Behavior graph, image not reproduced. Behavior Graph ID: 337783; Sample: BitTorrent.exe; Startdate: 10/01/2021; Architecture: WINDOWS; Score: 68]

  • Signature on the submitted sample: Multi AV Scanner detection for submitted file
  • BitTorrent.exe (started) dropped: C:\Users\user\AppData\Local\...\installer.exe, PE32; C:\...\Microsoft.Win32.TaskScheduler.dll, PE32; C:\Users\user\AppData\Local\...\Carrier.exe, PE32; 22 other files (none is malicious). Signature: Installs Task Scheduler Managed Wrapper
  • BitTorrent.exe started installer.exe. DNS/IP: flow.lavasoft.com 104.18.87.101, 443, 49709, 49710 CLOUDFLARENETUS United States. Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines); Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
  • installer.exe started GenericSetup.exe. DNS/IP: sos.adaware.com 104.16.235.79, 443, 49713, 49716 CLOUDFLARENETUS United States; flow.lavasoft.com
  • GenericSetup.exe started Carrier.exe

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
BitTorrent.exe | 25% | Virustotal |
BitTorrent.exe | 8% | Metadefender |
BitTorrent.exe | 20% | ReversingLabs | Win32.PUA.ICBundler

Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe | 8% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe | 14% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.Services.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.Services.dll | 4% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.dll | 4% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DynActsBLL.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DynActsBLL.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe | 4% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\H2OSciter.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\H2OSciter.dll | 3% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\HtmlAgilityPack.dll | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\7zS8E59FB89\HtmlAgilityPack.dll | 3% | ReversingLabs |

Unpacked PE Files

Source | Detection | Scanner | Label
3.2.Carrier.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ULPM.Gen
3.0.Carrier.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ULPM.Gen

Domains

No Antivirus matches

URLs


Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| sos.adaware.com | 104.16.235.79 | true | false | | high |
| flow.lavasoft.com | 104.18.87.101 | true | false | | high |

Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubPreUAC | false | | high |
| http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubPostUAC | false | | high |
| http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart | false | | high |

URLs from Memory and Binaries

                                                                                                                      high
                                                                                                                      http://www.winimage.com/zLibDllsciter32.dll.0.drfalse
                                                                                                                        high
                                                                                                                        https://www.nuget.org/packages/Newtonsoft.Json.BsonNewtonsoft.Json.dll.0.drfalse
                                                                                                                          high
                                                                                                                          https://offerservicefallback.blob.core.windows.netGenericSetup.exe, 00000002.00000002.591917813.00000000058A0000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.585832546.00000000029F1000.00000004.00000001.sdmp, GenericSetup.exe.config.1.dr, GenericSetup.exe.config.0.drfalse
                                                                                                                            high
                                                                                                                            http://www.youtube.com/watch?v=AdPWWDkKS8s)GenericSetup.exe, 00000002.00000002.595119153.0000000009DA2000.00000002.00020000.sdmp, MyDownloader.Extension.dll.0.drfalse
                                                                                                                              high
                                                                                                                              http://crl.entrust.net/2048ca.crl0BitTorrent.exefalse
                                                                                                                                high
                                                                                                                                https://www.entrust.net/rpa0BitTorrent.exefalse
                                                                                                                                  high
                                                                                                                                  https://www.winzip.com/win/en/eula.htmlGenericSetup.exe, 00000002.00000002.589929891.0000000003A53000.00000004.00000001.sdmp, GenericSetup.exe, 00000002.00000002.587648744.0000000002BD0000.00000004.00000001.sdmpfalse
                                                                                                                                    high

                                                                                                                                    Contacted IPs

                                                                                                                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.16.235.79 | unknown | United States | 13335 | CLOUDFLARENETUS | false
104.18.87.101 | unknown | United States | 13335 | CLOUDFLARENETUS | false

                                                                                                                                    General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 337783
Start date: 10.01.2021
Start time: 14:02:47
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 36s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: BitTorrent.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal68.evad.winEXE@7/46@4/2
EGA Information:
• Successful, ratio: 50%
HDC Information:
• Successful, ratio: 76.7% (good quality ratio 74.9%)
• Quality average: 81.6%
• Quality standard deviation: 26.1%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                                                                    • Excluded IPs from analysis (whitelisted): 142.250.180.132, 13.88.21.125, 51.11.168.160, 13.64.90.137, 104.79.90.110, 20.54.26.129, 92.122.213.194, 92.122.213.247, 51.104.144.132, 52.155.217.156
                                                                                                                                    • Excluded domains from analysis (whitelisted): displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, fs.microsoft.com, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, blobcollector.events.data.trafficmanager.net, www.google.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net
                                                                                                                                    • Execution Graph export aborted for target Carrier.exe, PID 6192 because there are no executed function
                                                                                                                                    • Execution Graph export aborted for target GenericSetup.exe, PID 464 because there are no executed function
                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                    Errors:
                                                                                                                                    • Sigma syntax error: Has an empty selector, Rule: Abusing Azure Browser SSO

                                                                                                                                    Simulations

                                                                                                                                    Behavior and APIs

                                                                                                                                    No simulations

                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                    IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                                  Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                  • 104.18.88.101
                                                                                                                                                                  utorrent_setup.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.87.101
                                                                                                                                                                  Setup.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.87.101
                                                                                                                                                                  YouTubeDownloaderSetup.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.87.101
                                                                                                                                                                  WcInstaller.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.87.101
                                                                                                                                                                  Garageband_7.2_ab (3).exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.88.101
                                                                                                                                                                  installer.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.88.101
                                                                                                                                                                  YouTubeDownloaderSetup.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.88.101
                                                                                                                                                                  http://wcdownloadercdn.lavasoft.com/4.10.2225.4082/WcInstaller.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.88.101
                                                                                                                                                                  zaMTU7CMVg.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.87.101
                                                                                                                                                                  download.ap.bittorrent.com/track/stable/endpoint/utorrent/os/windowsGet hashmaliciousBrowse
                                                                                                                                                                  • 104.17.61.19
                                                                                                                                                                  uTorrent.exeGet hashmaliciousBrowse
                                                                                                                                                                  • 104.18.88.101

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

JA3 Fingerprints

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                  • 104.18.87.101
                                                                                                                                                                  • 104.16.235.79

                                                                                                                                                                  Dropped Files

                                                                                                                                                                  No context

                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\2021.01.10_14.03.38.868334_installer_pid=5484.txt
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26617
                                                                                                                                                                  Entropy (8bit):5.2964419807965335
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:WvBdZCm/I6/IN58/J/k/L/P/v5r/h/Iz/IY/G/Ejyjkj0ojUjVjQjzjkjKjwjFFL:6moIoQZMv4uc5tkN1tYtfGJJ0Mxh2
                                                                                                                                                                  MD5:F82C8A2E7AA3855DC967B33E320EB7E7
                                                                                                                                                                  SHA1:BCF7E3E9860BAF93D4B633C7E77CE55483C5F182
                                                                                                                                                                  SHA-256:ED2929F9872D4E48EF20A6739ADF23E023E8838B43FE85F63445CB4F852FB9BF
                                                                                                                                                                  SHA-512:E873FD1A845B381AA8D3DE0008345602BA8957FE5E7C4ABFF1874F6EE100A3752C68A04F3B086312FA175B8174DB4F30D4CFBF15FC87F26895496870AFAAD0C2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Preview: [1][debug][2021-01-10 14:03:38.868334][00:00:00][0x0000156c][0x00000d70][installer][DeleteTempOnNextReboot][223]: Set Delete File On Next Reboot Done:"C:\Users\user\AppData\Local\Temp\7zS8E59FB89\de\DevLib.resources.dll"..[2][debug][2021-01-10 14:03:38.868334][00:00:00][0x0000156c][0x00000d70][installer][DeleteTempOnNextReboot][238]: Set Delete Folder On Next Reboot Done:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\de..[3][debug][2021-01-10 14:03:38.868334][00:00:00][0x0000156c][0x00000d70][installer][DeleteTempOnNextReboot][223]: Set Delete File On Next Reboot Done:"C:\Users\user\AppData\Local\Temp\7zS8E59FB89\en\DevLib.resources.dll"..[4][debug][2021-01-10 14:03:38.868334][00:00:00][0x0000156c][0x00000d70][installer][DeleteTempOnNextReboot][238]: Set Delete Folder On Next Reboot Done:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\en..[5][debug][2021-01-10 14:03:38.868334][00:00:00][0x0000156c][0x00000d70][installer][DeleteTempOnNextReboot][223]: Set Delete File On Next Reboot Done:
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\BundleConfig.json
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:UTF-8 Unicode text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2120
                                                                                                                                                                  Entropy (8bit):4.866892243125279
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:1YAv1FbhznIgI7xoc2uyFwLKsLkt0DKrolUcRqo7P9:mANznfixpBl2cR1z9
                                                                                                                                                                  MD5:944BF405C422A85B6C043A5FC24BA0D1
                                                                                                                                                                  SHA1:168CF17A64AB9010BB0BAF1BB404B6EC5B5D4B5A
                                                                                                                                                                  SHA-256:134202194A3A03107A3F62B994F4B637BA0ACB8B42467B854EE2EE6CFE2CC987
                                                                                                                                                                  SHA-512:D92C6A2DAC520C1ACCD4C75CBFE645036465F32B0CF3F80BDCDD1DD55C454F61BD8288F73B1BF5570A374B71460738FEEDFDE9785E4D92E3C3004594594FD337
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Preview: {.. "BundleConfig": {.. "BundleId": "BT002",.. "AppName": "BitTorrent",.. "AppTitle": "BitTorrent Install Wizard",.. "SupportOldCommandLineStyle": false,.. "IsMultiOffer": false,.. "RequireInternetConnection": true,.. "RequireAdminAccessRights": true,.. "UseOfferInstaller": false,.. "ShowCancelMessage": true,.. "BundleType": "Packaged",.. "DeliveryMethod": "Classic",.. "LockSendingEvent": false,.. "UACSetting": "UACRequired",.. "AssemblyName": "uTorrent",.. "WriteLogFile": false,.. "SendProfileDebugEvent": false,.. "SupportAppEsteemFlow": true,.. "ShowNoTitleBar": false,.. "FormHeight": 497,.. "FormWidth": 700,.. "CertificateName": "",.. "IsSuite": false,.. "NoFilter": false,.. "SendStubUACEvents": true.. },.. "CarrierService": {.. "CompanyName": "BitTorrent Inc.",.. "ProductName": "BitTorrent",.. "SoftwareVersion": "7.10.5.45857",.. "FileDescription": "BitTorrent",.. "LegalCopyright": ".2020 Bit
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1960416
                                                                                                                                                                  Entropy (8bit):7.982930637820915
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:9XMx7j/HETPeZJdvRJaS88mUMGHzHlTy4hGX0Rc0fLA4vS4ejKnV:u7j/keJdvRJajv+UcGX4c0f55V
                                                                                                                                                                  MD5:9F65E9BF390B1B9E714A2759BB995EBD
                                                                                                                                                                  SHA1:ED2EB8BCEDBD177D1AC6B43094D0B5BBA97D3DC9
                                                                                                                                                                  SHA-256:BB9ECA55BB2B7633E7D053F4B5AB7BE761D63D327D74294CCB43F037D2F1BC30
                                                                                                                                                                  SHA-512:89A9C9BA1CB57A63F25A4719DDCD350556484ECFAB9EBF17BF50D99E32CD03895B660EA3BDF4688F1894F71986DAF67F6759F847C7398B5F93A15E95365CD731
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 8%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 14%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.Services.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):220032
                                                                                                                                                                  Entropy (8bit):6.022155360009045
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:VW2jae99JtX/C4JrBzmnrPy0AgspkvwP4ysi6yBwUud0KEEX:VHja0JrBzyrqrgspkRipw
                                                                                                                                                                  MD5:1DC5971BBD5D90DB14ADE4D3DE019B34
                                                                                                                                                                  SHA1:3B90CA0A5228FDC0B3F28D38A730A16F30DC756F
                                                                                                                                                                  SHA-256:558728178BD8521A07223B30F63F97FC82FF8D9F6DE89C1AE9147219A3EC3EE9
                                                                                                                                                                  SHA-512:49EF8CB0334D17AD0235CE6C955FFB6EF07C611CB4D5B220099EF843518F9ACB54D1FD5E9B222A179F95A094FAAD8E7CC1E4DF0FCFF68FA4B520ECE14AAB9383
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DevLib.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):76672
                                                                                                                                                                  Entropy (8bit):6.153681574086229
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:azuw8W9A3PZWEWtFoZIXjjzZh9Cjj8wwsGwkF:quUDYyvzZhQv8
                                                                                                                                                                  MD5:1D531819386B79B765FEA17C8E2B8947
                                                                                                                                                                  SHA1:677CBD56F77B58F442D54537F238E55B85A0B5A0
                                                                                                                                                                  SHA-256:CD5D8F743D2528897D65A33AC5D7D4609DF275D0AFBE43CAD4438DED9BC21B42
                                                                                                                                                                  SHA-512:C865EAEAA0C40479A6944DB3D3B6D001B460ED870353AC72471B14DE1B79662B11EA5FA223B74E6FDFBF5A70A37CC470141A242C5853BAF49DF68EC6DB61B397
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\DynActsBLL.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20352
                                                                                                                                                                  Entropy (8bit):6.712461218172328
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:09Y0bpB4jgn5baI7pWCxIWuAWaKDTWCxIWuIW+tSWsa:09keFRtwzAc3wzINS
                                                                                                                                                                  MD5:0B686760E40EC147EB365FB883C16581
                                                                                                                                                                  SHA1:B9D48308F72801BBDDE5ECB3A02D60448E5150B6
                                                                                                                                                                  SHA-256:8EAE5A1862495C2CF57FD0275F574D609083EBF1B75CBB5CFEB1D955302E0DB8
                                                                                                                                                                  SHA-512:57C0FD8FB2945078E4C185C7EEED75FAFC2CF914A4C1564243BBBD6AC12598F3879EE94A5F3F5E4BCC7C483D51034C4C05D134702A6C987AC487EA191740F3B4
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):133504
                                                                                                                                                                  Entropy (8bit):6.079141069627818
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:OC84InqflsH51fWxs2fq+ut3Ki7IDnVtq7:Nrfq+upKUR
                                                                                                                                                                  MD5:6700FDDE42B27AB7B055F008086DF0A2
                                                                                                                                                                  SHA1:4CCD2E4938C4374F43936BEFFC592638BE9166AA
                                                                                                                                                                  SHA-256:B28748F2E39A97DDF8DFE35B2814A54FB744129719AFC712E4F0F5B6043B0535
                                                                                                                                                                  SHA-512:C3E152EAC4AD7049F543D6792E8E4F8834DE5B6D5AD07EB85A4952A9D70AC3CDA340EF4E84942E704319F7137E66D2B395997557B4BE1928061A54F07AA35944
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28544
                                                                                                                                                                  Entropy (8bit):6.667050149427638
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:wA761ErOAl0Efi11koKI7pWCxIWuAWQotkWCxIWuIWEdSWsaqIbp:1sErO+0EGBtwzAYWwzIvSH
                                                                                                                                                                  MD5:AEA3BF7F054564889ED5FAFAE481D1B7
                                                                                                                                                                  SHA1:03FB4C344E2E7BA3852A2823E411E704FDC5C2B6
                                                                                                                                                                  SHA-256:203E6E3041E87EF3B78BFB639D0F7D409E94523AB29112901DC0F400769144BF
                                                                                                                                                                  SHA-512:D2FF35F9039ADCB0E37B0A66A82B2E2A36D32F6BEFF2AD89344D09526118270B6F8E1ED6E477FBABFF3B153AC26DA2F668AC7FAEA467D9F3FF9ECE70157B27F3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe.config
                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2078
                                                                                                                                                                  Entropy (8bit):5.2728317914298275
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:cP02Epki1Xn6bQ/tMwA2vHIKI4YHJyIcsJcJ4YHKJyI+:l28kKZIKI4YpytsJcJ4YqJyt
                                                                                                                                                                  MD5:EFB8DAB33A67572A249DB019E19DFA49
                                                                                                                                                                  SHA1:1554C46531FCE9EACFF6E7E356BC6D27AE0F154D
                                                                                                                                                                  SHA-256:441C50204ACAB66A694C6D9E4A314D20FF161EA84BAE71CDC82820E79623FEBB
                                                                                                                                                                  SHA-512:991A6F663D49881AD592F47ED5B17C705AC76E7FF17DF3C79D5ADE0539158E3362D3260C5A91346DDD8F2C472E32CEFD2E3229DDE3C9CCC6CB1E50F75157D162
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>..<configuration>..... .. .. .. .....<runtime>...... .. ....<NetFx40_LegacySecurityPolicy enabled="true"/>...</runtime>...<startup useLegacyV2RuntimeActivationPolicy="true">...... .. .. ....<supportedRuntime version="v4.0"/>....<supportedRuntime version="v2.0.50727"/>...</startup>...<appSettings>...... .. .. .. .. .. .. .. .. .. .. .. ....<add key="OfferServiceHostUrl" value="https://sos.adaware.com"/>....<add key="FallbackOfferHostUrl" value="https://offerservicefallback.blob.core.windows.net"/>....<add key="FallbackOfferDataFileName" value="FallbackData.json"/>....<add key="FallbackOfferDataDetailsFileName" value="FallbackDetails_@.json"/>....<add key="EventServiceUrl" value="https://flow.lavasoft.com"/>....<add key="BundleInfoHostUrl" value="https://h2oapi.adaware.com"/>....<add key="ClientSettingsProvider.ServiceUri" value=""/>....<add key="InstallId" value="94dede78-7c65-427c-87a2-be00dd52627d"/
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\H2OSciter.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):142720
                                                                                                                                                                  Entropy (8bit):6.069705876419194
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:0sZkgzoO0l6FRu+BVQLmwZpApDfOP4VsfU+3ovnXw7DiZ0/hOnMarErLtMZIBerT:0AM6fpuO5pXYhbarUtCIBtyZErS
                                                                                                                                                                  MD5:B683AC76CDC8C6E1E17E092F694AB47F
                                                                                                                                                                  SHA1:7D49D85207FC204F11D8A49757B9F1D979357735
                                                                                                                                                                  SHA-256:57A72D1AD8E9B54FBCBB9F9A1988CA34887A28CA8DF83536B08C3653E7004DCC
                                                                                                                                                                  SHA-512:23FCA46C13C698E7B119EFF5966A88C21397C93275F8D8A11CA72037C21B0C757F0F648C381BB23D53601AD18A5D8E54D1D02E955CE88DD6352617CBDCFC9887
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\HtmlAgilityPack.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):166272
                                                                                                                                                                  Entropy (8bit):5.749196901084618
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:Q5GBA6Iwve7y4OqR2+7sa0v/ow+aAVjvXVYloeHhdrlELbgSAUiB7KwYOUZJ5u66:OGBAb1O8Jk//AVjXVYl3dvFUZebr3
                                                                                                                                                                  MD5:CA8A87A34941791E5861D34A5C5B0B18
                                                                                                                                                                  SHA1:0E8A04F7847B5AAB0562158B0CBEB87CBB10C628
                                                                                                                                                                  SHA-256:F4E487BA52E1B6A10C0EC2E009E2008E1D3DFB7B3C2F87EE08EA5CC91EAB0848
                                                                                                                                                                  SHA-512:50F31696C012D0E5634BC3A9AFCA6B0DCE6CDBE8999EB33D67822860F3CBE5DF570AAFFB410F27D9E93D73DDA01C038DFB8240CCE018C68CBFC6FC804205F948
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Microsoft.Win32.TaskScheduler.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):310656
                                                                                                                                                                  Entropy (8bit):6.189652035936469
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:SG07E8NW93vlxjYULsxwwnpfmEtXqMDYr5vnA+19afZ:AE73vPYULsxwwnpfmEtXqMuvFkf
                                                                                                                                                                  MD5:5D1ABDDBDD57DC6F6C69D70717732445
                                                                                                                                                                  SHA1:F167A9D197AA17D8135D4153264EC763BF1AAFCB
                                                                                                                                                                  SHA-256:D0BD7A3C7C610CA79DE5D33D44DCE4C373B0D9740D6848DEF63F98F2FE47D3B2
                                                                                                                                                                  SHA-512:619755458F0F1C8557FBF4E4E232943A6460E2D95BCD9E2AF394379AC7ED68649D321C20243A85F331ECD9C3B687E193067508A3841068DBC01DB2F55881DC55
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Core.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):70528
                                                                                                                                                                  Entropy (8bit):5.456040040832188
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:1/nineequbTcsaB8+bfAvCIlATfL99Vi2oc4wZtwzAQwzIyS:ZineezcsaBbfCCRTfL/V5MwrwsQwk
                                                                                                                                                                  MD5:BD6B9907CEC39E8063D5FB81457C5B7D
                                                                                                                                                                  SHA1:8B41B4F4DDF0F7366EF14919F763212EAF59F02E
                                                                                                                                                                  SHA-256:F27065FB36B9EAE26D77B957B149CCE43F9AB196E7DD3DD70D488FB82D4E28CC
                                                                                                                                                                  SHA-512:7CE275347E1780FC02BD9C40B709EB68DD867F38F781DC7920C5039FD60635161A8D2834767F06DA0B0A95E58380A7124DCEC111C23B6839974FD6F1F73BCB62
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\MyDownloader.Extension.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):185216
                                                                                                                                                                  Entropy (8bit):6.578811730156881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:iuAjNMSC7Mdlszb/0DfV9H8I++Wy/6EAwZZIm11ufs48TVB2:P7rzb/0DfDH8I++Wy/6EAwTIm1gfa
                                                                                                                                                                  MD5:FB2FEE89DF095D84F456C9BB10BFD4C5
                                                                                                                                                                  SHA1:AEBADEBCF1E58ADB18D9404F00E834DD94117B09
                                                                                                                                                                  SHA-256:17D4BC8334AA0D043D9399A3DF4851480843C315D076EA72269B152D5E7E7EBD
                                                                                                                                                                  SHA-512:BCCE21050AEE48FE322E6F76196775DF49BDC0DD1F15F367B7681D3CCD2DB8EF53AA4A84CAAE3DA92C6C17E85F3D05DF282CAECB2846DBE077E346741950681A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Newtonsoft.Json.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):493440
                                                                                                                                                                  Entropy (8bit):6.093727112728679
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:fxDl/HgeQ6iL35JY+fy2zqXZIGjk6qTlyCalnBu8jeguAkMAe:z/gecNU2zqX6lUB2Ake
                                                                                                                                                                  MD5:51AF416B1563FB59FDD310157379D0B1
                                                                                                                                                                  SHA1:BC0BE019BE42AFE7021EF6CF709361E58988BDD7
                                                                                                                                                                  SHA-256:F16399C4F6791ABE0C65D62FCCB8FC90CAE7B4EC5412EFEFBE1104E490AF4318
                                                                                                                                                                  SHA-512:2F894C6CBEEDF6DB2D7F0420B79BDF595D39491A34FCB45EA104C6E9551F53CD483DFA395C7E4B2B11195E94AC2482967BF587114A819BDAA0E9C9D02E8C7358
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceBLL.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):104320
                                                                                                                                                                  Entropy (8bit):6.113336182736907
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:lt0e2iOZB9SumldCeerhmA/6TMfRmACay70Ab:70e2jZDS4
                                                                                                                                                                  MD5:E8107A6D542759EC90E8B82B632E688F
                                                                                                                                                                  SHA1:73D882E740AC7A2B9BD8E1AAFEE8B0091BB4805C
                                                                                                                                                                  SHA-256:5021D7180895701AADE6DE9187BE6511323B279DB58C7F6D2773FC1EBD2B2AF3
                                                                                                                                                                  SHA-512:7D14FBC7663C7ABC4B9144F4929D02E08420CDFBD69C5489FE014ADF1C515408C8970B707F5B2CD626A1126DEA82A8A44DB1DD78365741C8744380AB32AC7441
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\OfferServiceSDK.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):29568
                                                                                                                                                                  Entropy (8bit):6.420282973474644
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:nvnt60Ge6M91t0jD2ZcXp4D7aRJJNEoO9Hu9V0SI0GzsM5+7dqJfI7pWCxIWuAWD:nvU0G4/tcyyKSRvMgf4wtwzAJywzIES
                                                                                                                                                                  MD5:DECA3DDE0CB9904F3B1A5B56CE0494CD
                                                                                                                                                                  SHA1:7D8F19411CCDC2F597E53DD80B0D25047F3A103C
                                                                                                                                                                  SHA-256:C85E0D932F13DD3A76498205DF3C329729946DCF1703BE884445A509E57EC28E
                                                                                                                                                                  SHA-512:2DB512FBCFDE339EAEFA7928135EB5043DEB8633EE295B202BFED2A99D165F51FCDE3E8CF24DE73B81C77524686D2345F8019B5F87994E6948082FBB45EB4F65
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\FinishPage.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1458
                                                                                                                                                                  Entropy (8bit):4.393337734244553
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:uIKe1l3MC06Lixv76LJgWC8pE9pMItWOck:uIKeL8CmPt7FZck
                                                                                                                                                                  MD5:3BF1735583BBEA98BE9021D18F74A576
                                                                                                                                                                  SHA1:63F44C67C37971B5ADBA01BE6F5309D8FCBAF800
                                                                                                                                                                  SHA-256:A1A2C3AAAC73220795EC17935142C40E2833B2F21660109886F07DDD26F2A88E
                                                                                                                                                                  SHA-512:3770070EAE0B411217D37E4A45CC403913584467E923EC368CD77E3AF85F3258940B7E5F1460BC79058024D96626A5EC4599B0F728FF6145EF32A397192C8AA9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="FinishEventHandler">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">Thank you for installing BitTorrent&#174;</h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.... <div class="content">.. <div class="wrapper">.. <p>.. Thank you for installing BitTorrent&#174;, the #1 torrent download client on desktop and mobile devices worldwide... </p>.. <p id="Line1" class="mt-1">.. Version {Resource SoftwareVersion} by {Resource CompanyName}... </p>.. <div class="chkbox-block mt-1">.. <button id="CheckBox1"
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\InstallingPage.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1347
                                                                                                                                                                  Entropy (8bit):4.290073051086382
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:wYAIuTM+K+INlrEqgIlrbMCcfd14LrervtehMW2ohCRq/HxllyI3TbCpNFCR5MPR:uIue1l3MClLixvoywPqfyZ5tHFWJrRik
                                                                                                                                                                  MD5:F175AB4BE18D9B8DEB33DB0C0F38FF77
                                                                                                                                                                  SHA1:9F2D1CA1E2D376EB26F30A8E1CFADBF05F80EE58
                                                                                                                                                                  SHA-256:F19AED7B330CB4B6B4DAA6C39A3A6131AF8A835C93F85BB57DDF0A0F1A75E482
                                                                                                                                                                  SHA-512:F8FF0E0772CEA8F48CCFB6B47648B3472C79FAA0574231DF0448428D5B056B2A9DCF55576BD08DEB4A1DE2A242FA29D8114DBA4401A3813AB441005251025B9E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="InstallEventHandler">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">Installing BitTorrent&#174;</h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.... <div class="content install">.. <div class="wrapper">.. <p id="Line1" class="line1">.. Please wait while Setup installs BitTorrent&#174; on your computer... </p>.. <div class="progress mt-1">.. <progress id="ProgressBar1" class="progress-bar" />.. </div>.. <p id="Line2" class="line2"></p>.. <p id="Line3" class="line3"></p>.. </div>..
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\LicensePage.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):10571
                                                                                                                                                                  Entropy (8bit):4.368450755586957
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:GcbBUFa1wWq8K4TJfwSShjKovNHiw6rHGF:GcbBUFa1zK49wxvpGHK
                                                                                                                                                                  MD5:AC0370806A6CC40B31BE57837AF9FBFA
                                                                                                                                                                  SHA1:0DA32F24E5401A75CD0D1B9DC4351D0F382AE578
                                                                                                                                                                  SHA-256:46C598EBC80E32943F7EE8A409C1415647845DEA0EC698061EC9533A470D8523
                                                                                                                                                                  SHA-512:594DA48EAA0D8501C40A80645F3E63B608B8E08F9BB90460129464DF0A9722EE532902EA35150A9FB1D4D1286B9E606C4E0FE47B61FA621EB738CF4988831398
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .<html>..<head data-event-handler="LicenseEventHandler">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">License Agreement and Privacy Policy</h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.. <div class="content">.. <div class="wrapper">.. <p>Please review the license terms before installing BitTorrent. Please scroll down to see the rest of the License Agreement and Privacy Policy.</p>.. <div class="scroll-bar">.. <div class="row legal">.. <h1 class="main_head">End User License Agreement (EULA)</h1>.. <hr class="divider" />.. <p>Date of last r
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\OfferPage.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1372
                                                                                                                                                                  Entropy (8bit):4.316524888177204
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:wYAIaL+K+INlrEqgIlrbMCWdyFLvtehMW2ohCRCwvWHOHxEoOPWGOIHrnXMYhCRm:uIPe1l3MC9fvhSo45tHLM+aMZRcFkRek
                                                                                                                                                                  MD5:EFCC32263936E44529D5EC75DE571046
                                                                                                                                                                  SHA1:E0A8C0D75B43906064653B4CC71ECA79207596AC
                                                                                                                                                                  SHA-256:C336A27CF694C523B5C6BF045CD5F01799F5CD4340986496B54FDD687873DEDE
                                                                                                                                                                  SHA-512:B2EBE5E8D7B334CBCFC438CC954ADCD866CA052023E670AEC34765127B0354D31FB49E28B5C9DC49815589365FF2D57BF307F03EA65529961CCD862606D471D7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="OfferEventHandler">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>..<body id="Body1">.. <div class="container">.. <div class="header" id="Header">.. <h1 id="Header1"></h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.. <div class="content" id="Content">.. <div class="wrapper">.. <p id="Line1" class="line1">Loading...</p>.. <p id="Line2" class="line2"></p>.. <p id="Line3" class="line3"></p>.. <div id="Loader" class="center"><img src="resources/images/loader.gif" /></div>.. </div>.. </div>.... <div class="footer">.. <div id="Buttons" class="w-100">.. <div class="w-50">..
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\SettingPage1.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1656
                                                                                                                                                                  Entropy (8bit):4.377789608558563
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:uI1gRgdVge1l3MCWUGxvkpML+QWttWwTfqZRiJrRck:uI1g0meL8CW7Bk8gKC1ck
                                                                                                                                                                  MD5:AB3FC91C3FE48660DD313FEBBC23C8C5
                                                                                                                                                                  SHA1:15415E6B0F71CD36BA5FF0B4E95E0D87EDC74AC0
                                                                                                                                                                  SHA-256:9224B819A9B946929E7B0A9715B5A817981F8E0BE8EFC5FDCB57A66F0BE429D9
                                                                                                                                                                  SHA-512:7323BEF47C59F895C2B92DA45EDE8F0BF9EF5CAC38F9D8B995F876C1443710EC886AEF9C76D5E14676AFF3FFDBC85B8606FA03FC246F99B12867924942BA2B2D
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="Setting1EventHandler" data-viewstate-type="uTorrent.EventHandlers.Setting1EventHandler+ViewState, uTorrent">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">Choose Install Options</h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.... <div class="content welcome">.. <div class="wrapper">.. <div class="chkbox-install mt-sm-px">.. <button id="CheckBox1" type="checkbox" checked="true">Create Start menu entry</button>.. </div>.. <div class="chkbox-install">.. <button id="CheckBox2" type="checkbox" checked="true">Create Quick Launch icon</button>..
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\SettingPage2.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2571
                                                                                                                                                                  Entropy (8bit):4.332726046677911
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:uI8gMgdVge1l3MCCvolWsS2jpMCjiFWtrQNFTcKMww4AOWL/WO4urHqZRiJrRck:uI8gVmeL8CmolWd2FV2fTqDrCC1ck
                                                                                                                                                                  MD5:591155A3C37D12BC3552CC906D78AD53
                                                                                                                                                                  SHA1:833560F9F9CA8A1A849D24157A2792E6D2B788AB
                                                                                                                                                                  SHA-256:8011404589287BA3F07A4319A97A0A596E10914B75E532CC54B6B7C074455052
                                                                                                                                                                  SHA-512:3A58342CD4D87BDBFD820A94568C75A1A3284B1F60115A7EDD6316E318E43D4F4F0D4E7E027F08D88CA6006D62350B433F523BC7A5880629DC27F0A91FE72633
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="Setting2EventHandler" data-viewstate-type="uTorrent.EventHandlers.Setting2EventHandler+ViewState, uTorrent">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">Configuration</h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.... <div class="content welcome">.. <div class="wrapper">.. <p>The following options automate the configuration of some additional setting in Windows:</p>.. <p class="p-install-options pt-sm" id="Line1">Additional Settings</p>.. <div class="chkbox-install">.. <button id="CheckBox1" type="checkbox" checked="true">.. Add an e
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\WarningPage.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1685
                                                                                                                                                                  Entropy (8bit):4.530840218053595
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24:uI5e1l3MC3MJTLvn/f9IHZ3FCmLTsIW7kvOCXuZRwJrRc5:uI5eL8C3OTLnKV5LT+I72E1c5
                                                                                                                                                                  MD5:353D6B1BCAEBB6F7A9FD6F8CB49C2FAC
                                                                                                                                                                  SHA1:15B80F8CB2F58E975A7A61C8EB7DB897C5C3713A
                                                                                                                                                                  SHA-256:78D1E19B6DB2D0F575DA7563C5E4C0A199EC4E0644A4DDDE7106F9487A061AAD
                                                                                                                                                                  SHA-512:87A2F86610FDC791B5D2D28AA336D9646277D31ECF62D1640D0BD9D9616B1A4DECA0B70DD0EF86A4D0CA8ACFC70E7A51949A798380D56D9B895951FB340BE1AF
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="WelcomeEventHandler">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">Warning<span id="Header2" class="subheader">From BitTorrent, Inc. - the publishers of BitTorrent</span></h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.. <div class="content">.. <div class="wrapper">.. <p>.. Beware of online scams! A number of websites have taken our free BitTorrent client and attempt to charge money for it through some sort of &quot;fee&quot; or &quot;subscription&quot; or else they install it for free but infect your computer with malicious code in the process. To protect yourself, be sure to only downl
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\WelcomePage.html
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1583
                                                                                                                                                                  Entropy (8bit):4.420872887386761
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:wYAIJ4+K+INlrEqgIlrbMCcfd1Yq24vtehMW2ohCRCwOHxVT+hIoiX4ISBvA0hu3:uI5e1l3MCQRv3iXSoLlCECvH99JrRc5
                                                                                                                                                                  MD5:01CBF510EAE6803350A774DC9FCF0866
                                                                                                                                                                  SHA1:881E6F1AE712C31EFE9188CC5A2378580B3EC85A
                                                                                                                                                                  SHA-256:A54F0EFB5E97F5205E095F6A7EC86F7119AA007972E62B724E64EE2A1179F105
                                                                                                                                                                  SHA-512:CF6781BE980C14C67E739732BAA9CB97289D3E2762C70B6BAA899C2B8561A6628F85AE625364488C2170E52C0738138A673CEF1EBBC067B3B8E3931B4BD1E2DB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .<html>....<head data-event-handler="WelcomeEventHandler">.. <link rel="stylesheet" type="text/css" href="resources/style.css">.. <script type="text/tiscript" src="resources/tis/EventHandler.tis"></script>..</head>....<body>.. <div class="container">.. <div class="header">.. <h1 id="Header1">Welcome to BitTorrent&#174; Setup Wizard</h1>.. <div class="head-img-block right">.. <picture id="Icon" class="logoHeader" />.. </div>.. </div>.. <div class="content">.. <div class="wrapper">.. <p class="line1" id="Line1">.. This wizard will guide you through the installation of BitTorrent&#174;, the &#9839;1 torrent download client on desktops and mobile devices worldwide. BitTorrent&#174; is a torrent client that allows you to download files quickly and efficiently... </p>.. <p class="line2 mt-1" id="Line2">.. Version {Resour
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\images\loader.gif
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:GIF image data, version 89a, 120 x 120
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16717
                                                                                                                                                                  Entropy (8bit):7.803028448414118
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:ZnITuNydK/vGIgevnC1TQydIUiKPl8y2m49f03vVa7tyqpfAc0aP7a9:ZXN55ge/CVFpi6Wy219fQvVahfdP7a9
                                                                                                                                                                  MD5:2B26F73D382AB69F3914A7D9FDA97B0F
                                                                                                                                                                  SHA1:A3F5AD928D4BEC107AE2941FA6B23C69D19EEDD0
                                                                                                                                                                  SHA-256:A6A0B05B1D5C52303DD3E9E2F9CDA1E688A490FBE84EA0D6E22A051AB6EFD643
                                                                                                                                                                  SHA-512:744FF7E91C8D1059F48DE97DC816BC7CC0F1A41EA7B8B7E3382FF69BC283255DFDF7B46D708A062967A6C1F2E5138665BE2943ED89D7543FC707E752543AC9A7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\images\warning48x48.png
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):749
                                                                                                                                                                  Entropy (8bit):7.644800644331094
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:6v/7FkmCOh2ryo8L2IL2KXrEw3XCWQk4n1nhRBT1OWvGdzZmr+aP1mHh6MpIA1+y:RlPuo812KXrEwiXk4xh31GdzZmr+a0HH
                                                                                                                                                                  MD5:D3361CF0D689A1B34D84F483D60BA9C9
                                                                                                                                                                  SHA1:D89A9551137AE90F5889ED66E8DC005F85CF99FF
                                                                                                                                                                  SHA-256:56739925AADA73F9489F9A6B72BFAAA92892B27D20F4D221380BA3EAE17F1442
                                                                                                                                                                  SHA-512:247CF4C292D62CEA6BF46AC3AB236E11F3D3885CD49FDD28958C7493EBB86ACE45C9751424F7312F393932D0A7165E2985F56C764D299B7E37F75457EEF2D846
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\style.css
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11261
                                                                                                                                                                  Entropy (8bit):5.906452695587247
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:wYFOKrHyRshEVmZCI+AbCQ9YscdvyzMawKboAnwB6x7EZlWSCoRQ2/kmVgjkJ7D2:wYYEHbD+4n9LtnBQ67EZICRQFjAdrYF
                                                                                                                                                                  MD5:9A6660A5BB42D2481F04E289B75CF331
                                                                                                                                                                  SHA1:2F24558493F613A31A3EABACE43B6CF57ECBA6AE
                                                                                                                                                                  SHA-256:A98B233CF901960F6335A2C621BC9383FEEE8E5404ECB230E4ACE6192E981133
                                                                                                                                                                  SHA-512:037A026A3C6A8731FA40DD54BB0BA5985E1DDA9929151271E77B7408D6A3E96F7180B01FCAA3A43F17A9F63B4F596F12CCAEE2BD8A6130B6B73FF1A8C20F2762
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: .body {.. font: 14px "Segoe UI", Verdana;.. font-weight: 400;.. margin: 0;.. padding: 0;.. text-align: center;.. background-color: #fff;..}....h1 {.. font-size: 20px;.. line-height: 20px;.. font-weight: normal;.. margin: 20px 0 10px 0;..}....h2,..h3,..h4,..h5,..h6 {.. font-size: 90%;.. font-weight: normal;.. margin: 0;..}.......left {.. text-align: left !important;..}.....right {.. text-align: right !important;..}.....center {.. text-align: center !important;..}.....hide {.. display: none;..}.....mt-3 {.. margin-top: 3em !important;..}.....mt-1 {.. margin-top: 1.5em !important;..}.....mt-sm-px {.. margin-top: 1em !important;..}.....pt-sm {.. padding-top: 10px !important;..}..../************************************************************************ container ***********/.....container {.. width: 100%;.. height: 100vh;.. margin: 0 auto;.. text-align: left;..}../*************************************************
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\tis\Config.tis
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):102
                                                                                                                                                                  Entropy (8bit):4.576337357192016
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:lSL/15AQumDfAM7/1m1IDfAM7/1iJFLoWPd/:Vcs1aoJqWP5
                                                                                                                                                                  MD5:FB1C09FC31CE983ED99D8913BB9F1474
                                                                                                                                                                  SHA1:BB3D2558928ACDB23CEB42950BD46FE12E03240F
                                                                                                                                                                  SHA-256:293959C3F8EBB87BFFE885CE2331F0B40AB5666F9D237BE4791ED4903CE17BF4
                                                                                                                                                                  SHA-512:9AE91E3C1A09F3D02E0CB13E548B5C441D9C19D8A314EA99BCB9066022971F525C804F8599A42B8D6585CBC36D6573BFF5FADB750EEEFADF1C5BC0D07D38B429
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: view.windowResizable = false;..view.windowMaximizable = false;..view.windowIcon = self.url("app.ico");
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\tis\EventHandler.tis
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):11086
                                                                                                                                                                  Entropy (8bit):5.036298641286738
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:/kKclXboB4HWkYmExWNxExWHUP83pGWynHkWkiykiOk4xMd/OIj/YFf+s:iPfYYFk83pLyHRByBOXxMd/OILYFB
                                                                                                                                                                  MD5:0CDEED0A5E5FD8A64CC8D6EAA7A7C414
                                                                                                                                                                  SHA1:2AE93801A756C5E2BCFDA128F5254965D4EB25F8
                                                                                                                                                                  SHA-256:8EF25A490D94A4DE3F3D4A308C106B7435A7391099B3327E1FDFDE8BEEF64933
                                                                                                                                                                  SHA-512:0BBCF56ACF4E862E80AF09D33C549CB5B549BE00257CFB877C01D2A43EB3D8AC44683078FF02CDE5A77C92EC83AEDA111D5D3BE631015B0AAB2DE39B87A4DC4C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: include "resources/tis/config.tis";..include "resources/tis/ViewStateLoader.tis";..include "resources/tis/TranslateOfferTemplate.tis";..include "resources/tis/Log.tis";....var _eventHandler = $(head).attributes["data-event-handler"];..var _viewStateType = $(head).attributes["data-viewstate-type"];..var _offerEventHandler = "OfferEventHandler";..var _postFinishOfferEventHandler = "PostFinishOfferEventHandler";..var _licenseEventHandler = "LicenseEventHandler";..var _scanningEventHandler = "ScanningEventHandler";..var _suiteEventHandler = "SuiteEventHandler";..var _startMenuFolderEventHandler = "StartMenuFolderEventHandler";....var _viewStateLoader = new ViewStateLoader(self, _eventHandler, _viewStateType);..var _resourceManager;..//var _log = new Log();....// Only called by BaseEventHandler to inject C# ResourceManager to TIS..function SetResourceManager(resourceManager) {.. var eventResult = JSON.parse(resourceManager);.. _resourceManager = eventResult;..}....function self.ready(
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\tis\Log.tis
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1014
                                                                                                                                                                  Entropy (8bit):4.346066520556226
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:My/l6pA3Z0F9L0A2Rf/cKcNXQm3RKtJF0FnqspWi464I2+Oc2+Odtu92+O1kE45y:Pn3Z0X4JRf/cTAmhMF0JW6drD/gyxud5
                                                                                                                                                                  MD5:CEF7A21ACF607D44E160EAC5A21BDF67
                                                                                                                                                                  SHA1:F24F674250A381D6BF09DF16D00DBF617354D315
                                                                                                                                                                  SHA-256:73ED0BE73F408AB8F15F2DA73C839F86FEF46D0A269607330B28F9564FAE73C7
                                                                                                                                                                  SHA-512:5AFB4609EF46F156155F7C1B5FED48FD178D7F3395F80FB3A4FB02F454A3F977D8A15F3EF8541AF62DF83426A3316D31E1B9E2FD77726CF866C75F6D4E7ADC2F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: class Log {.... var _fileName;.... function this(){.... // This needs to be fixed, by the moment __FOLDER__ + "sciterlog.txt" is not working.. // Despite of it is the way that Sciter suggest to do it with Stream.openFile... // https://sciter.com/docs/content/script/Stream.htm.... //_fileName = __FOLDER__ + "sciterlog.txt";.. _fileName = "C:/Temp/sciterlog.txt";.... }.... function Info(text) {.... var stream;.... try {.... stream = Stream.openFile(_fileName, "r");.... if (stream == null){.. stream = Stream.openFile(_fileName, "w+");.. } else {.. stream = Stream.openFile(_fileName, "a+");.. }.... stream.println(new Date().toString("%F %X") + " [INFO] " + text);.... } catch (e) {.. view.msgbox(#alert, e);.. }.. finally {.... if (stream != null){.. stream.close();.. }....
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\tis\TranslateOfferTemplate.tis
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2313
                                                                                                                                                                  Entropy (8bit):4.6605196862152445
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:q7FHLieZMup+2U7DbLX50MQJpFncCIyPE2Pt++zKD8:8dWeZM0+2OfTQjFncCJE2PtBzKD8
                                                                                                                                                                  MD5:551029A3E046C5ED6390CC85F632A689
                                                                                                                                                                  SHA1:B4BD706F753DB6BA3C13551099D4EEF55F65B057
                                                                                                                                                                  SHA-256:7B8C76A85261C5F9E40E49F97E01A14320E9B224FF3D6AF8286632CA94CF96F8
                                                                                                                                                                  SHA-512:22A67A8371D2AA2FDBC840C8E5452C650CB161E71C39B49D868C66DB8B4C47D3297CF83C711EC1D002BC3E3AE16B1E0E4FAF2761954CE56C495827306BAB677E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: var translateOfferLanguage;..var OFFER_DEFAULT_LANGUAGE = "en";....function TranslateOfferElements(resources) {.. var elementsToTranslate = self.select("#Body1");.... try {.. elementsToTranslate.html = TranslateOfferElementsWithHTML(resources, elementsToTranslate);.. }.. catch (err) {.. throw new Error("Unexpected error while translating : " + err);.. }..}....// Translates the whole HTML with the new text depending on the "translateOfferLanguage"..function TranslateOfferElementsWithHTML(resources, htmlToTranslate) {.. var resourceSetToApply;.. var translatedHtml;.... try {.... resourceSetToApply = LoadOfferResources(resources).... for (var resource in resourceSetToApply.resourceValues) {.... // Matches anything that has "${{ResourceKey}}".. var regexp = htmlToTranslate.match("\\$\\{\\{" + resource.key + "\\}\\}").... if (regexp && htmlToTranslate.search(regexp) != -1) {.. htmlToTranslate
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Resources\tis\ViewStateLoader.tis
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):15341
                                                                                                                                                                  Entropy (8bit):4.296294298831933
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ggVOiFMLv6pA12VETqJ7PkPpnc5Timljf5tFaI+9jvm92VETqJ712VWBLi84K4Ey:ggNFXwezljffFaI+9jCWBN4K46Ow6b
                                                                                                                                                                  MD5:EF47B355F8A2E6AB49E31E93C587A987
                                                                                                                                                                  SHA1:8CF9092F6BB0E7426279AC465EB1BBEE3101D226
                                                                                                                                                                  SHA-256:E77239DBDCC6762F298CD5C216A4003CF2AA7B0EF45D364DD558A4BD7F3CDB25
                                                                                                                                                                  SHA-512:3957DFC400F1A371ACADB2A2BC196177F88863908542F68E144BDD012B54663C726E2E0CC5F25356B16012DEEE37F7E931EBAA21292C7688AC8BECBDD96775FC
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview: include "resources/tis/Log.tis";..include "resources/tis/TranslateOfferTemplate.tis";....class ViewStateLoader {.... var _controlFilter;.. var _types = {};.. var _self;.. var _eventHandlerName;.. var _viewStateType;.. var _log;.. var _postFinishOfferEventHandler = "PostFinishOfferEventHandler";.. var _offerEventHandler = "OfferEventHandler";.... function this(self, eventHandlerName, viewStateType = null){.... _self = self;.... if (eventHandlerName == _postFinishOfferEventHandler) {.. _viewStateType = "GenericSetup.EventHandlers." + _offerEventHandler + "+ViewState, GenericSetup";.. } else {.. _viewStateType = "GenericSetup.EventHandlers." + eventHandlerName + "+ViewState, GenericSetup";.. }.. .. if (viewStateType != null) {.. _viewStateType = viewStateType;.. }.... // Is not recommended to filter DIVs, it will offset the html layout.. _controlFilter = "body[id],h1[
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Shared.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):231808
                                                                                                                                                                  Entropy (8bit):6.145654566629504
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:FKmFD7Dtrsa97veikRzX/Zi3ZVwMY92nM6kbs9kIVl6pLbK7iQvYdKtjjgmdT4y3:FKmFnJ+zW8pEm0kISpLbMiVGgmO
                                                                                                                                                                  MD5:19D4D7BCA342D9C921DC9EF3FD8C0CD9
                                                                                                                                                                  SHA1:0EB521E8E712964D2B757EE570C9A77ABAE7EF1F
                                                                                                                                                                  SHA-256:78FB5D44062757A1A0F6613DB6B98A4D0B6366E512B165EDE480CF5E92D7D132
                                                                                                                                                                  SHA-512:58A76FAE344DE10FBF115A91D7B9E669BF1F8F388AF68A5CB28FB99E6BDC1249B571507DB868F8BDD545E142F041A6B664BF0BE3F466997982C9515A6CDBB537
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\app.ico
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 48x48
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):9662
                                                                                                                                                                  Entropy (8bit):5.62847695144587
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:ewlylHlNm+iLrUMMT3qABrkT48YwGV2/UYJxlcsIJFa1FjDK6I7aIMKGSoE5:PlyvAVLrUrOAlP8E2ssx/Qa1NyVom
                                                                                                                                                                  MD5:CC7413942399B5B595C7FDFB23C5FFB6
                                                                                                                                                                  SHA1:E10D12E14A0FA3F0B76F31E9C2C32B7DA7FCA93C
                                                                                                                                                                  SHA-256:0DE7EA049E24950671C1282C07C141FB10459BBE5BFB160EBB25C6730BCFD349
                                                                                                                                                                  SHA-512:36A52693D3463383D89C3E0FEB3BE3A11BDBF1FDC9734A30F7DB30FE48DC325B209DB411430062C8CBAD92271546821BBB00B7391D6554CBCB49668C293B799C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\de\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):22400
                                                                                                                                                                  Entropy (8bit):6.592648335887969
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:l22QEOjVOoWI7pWCxIWuAWW1WCxIWuIWWmLzSWsa:6EnktwzA/wzIZmXS
                                                                                                                                                                  MD5:F4B99B6C47FBEF9A5490FE0941E7186C
                                                                                                                                                                  SHA1:81CDA0FE3E097A262329595E9DF9C0EC56978E7D
                                                                                                                                                                  SHA-256:EFC4964E5B653D8FE7730DF7CED82E67D22202C8F5CD28256EE59A70290745E9
                                                                                                                                                                  SHA-512:3E6247C5094FFD92C38C5C12E03C46447540F7F53070841B3E9CCEA0A21510B0D117269BACD6341E98B0E8CADB018B362976C57B4F77B8A64C3284613F0C65C2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\en\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):17792
                                                                                                                                                                  Entropy (8bit):6.818204890413026
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:yD8I7pWCxIWuAWOtM+WCxIWuIWEjlSWsaK:mjtwzAPTwzIHS
                                                                                                                                                                  MD5:ABF106CBD2E146773EBDC7661D23A57E
                                                                                                                                                                  SHA1:E6D66F8267EA9D9A7DBF0F93236A9A1A2E764ADD
                                                                                                                                                                  SHA-256:97DA5B63D99FC6B299ADA8EB912741BFF3918B8AA5D3EEC8C50BA707DC4397A9
                                                                                                                                                                  SHA-512:C69020C81381A915C06F22FA6A61B5CB2F19CB7845683438B454D0BEFF85B356128270981037190E651CCE2E593E8742AA666342B3CEF5927422E22D35A0450F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\es\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):21888
                                                                                                                                                                  Entropy (8bit):6.637459149578628
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:w5IGAYKWrdntbW6AI7pWCxIWuAW1/WCxIWuIWsgMSWsam:1V6ftwzAkwzIxS
                                                                                                                                                                  MD5:8CAD82D6D906330142F9A10C7FBA4B67
                                                                                                                                                                  SHA1:62E8419D55DE039E7377D1EA7C273306F78F9650
                                                                                                                                                                  SHA-256:6BBC00C15D6E462889354CFC6E23C6AAC2A42754E48C322C13544B78E45C7186
                                                                                                                                                                  SHA-512:9CBE41D70F32767D1E69C70D2A06101A72A60079FE4DAF1358CF6934321E3D37A413627085242BF812C87EB78B2269AB301C507FAF32CAC99CE5694875C86726
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\fr\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):21888
                                                                                                                                                                  Entropy (8bit):6.669079736956604
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:QXyI4JGEqQ5OZgI7pWCxIWuAWZgFWCxIWuIWtcxSWsa:4yIxxQA/twzA/wzI+QS
                                                                                                                                                                  MD5:96B87E804D88AF3BDDDF5C9D53107F6F
                                                                                                                                                                  SHA1:A33404DBCF56BF920F18FFD18213AE028A862221
                                                                                                                                                                  SHA-256:5A321B4CCD186CDCD992273D6A8C2FC26330F935A47A2C38FFF0CBE1D48F1B8E
                                                                                                                                                                  SHA-512:4FF47D8575F1954468FBB15615085C01169358E821EEADC98F94A7FF0696B360E097B352198AF0481AA335A2C1710886026E2486210E541AFB26D826486D0831
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1674624
                                                                                                                                                                  Entropy (8bit):6.574193100129829
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:49152:iv13Hq2ORVsIMUaikqGf7hW6G2GAG/PDZWK5UHXJZ2MFIGv:oaBMPGAGntWs
                                                                                                                                                                  MD5:F6D8E4BD66542159EA410117FA31717C
                                                                                                                                                                  SHA1:CA2C877725FA85FA4531ADFBD6BEB776897FEFC9
                                                                                                                                                                  SHA-256:2E31863F39950468177318BBF6FEB4F2BFB112CB33C93BB3345E76E7955E76D8
                                                                                                                                                                  SHA-512:64C83B035932328B5A507E7B1218B86C2FE00A754214AFA65AB1B1CFCFDAD9B149BF31E2CC3AC9CDDBA0E1ACCCBA1CA66C0DAA39376F740024D3C114908277D5
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\it\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):21888
                                                                                                                                                                  Entropy (8bit):6.631787902719841
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:5VFrYtw1EwqXI7pWCxIWuAWXGDeWCxIWuIW/C7SWsa:zFrY6e4twzANewzICwS
                                                                                                                                                                  MD5:496A084938ADB2367B0E09FDA72F490E
                                                                                                                                                                  SHA1:AF0256B2594413F686EE1A82F843D04C9D6EC388
                                                                                                                                                                  SHA-256:8E6654FD2E34A56710341F18FC4CC7E757F95BAC669BD36D4FBB5FC9A55E55CB
                                                                                                                                                                  SHA-512:F68EBADB9FD21DADD18033E174206AF8AD8106BF4960DF289908143F2DAD1A64AA25EF4253B0A8778C771D6C988EA621F95F59EC1F8C69CEE339F820266E22B2
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\pt\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):21888
                                                                                                                                                                  Entropy (8bit):6.630990160335251
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:hgaJ/HGv95c9I7pWCxIWuAWW56WCxIWuIWksSWsaC0:PJOAetwzAiwzISS
                                                                                                                                                                  MD5:91B722A241811862B5A36DCBA9CEA4C8
                                                                                                                                                                  SHA1:693FB666C16DD150020791E0552C6049B87934D3
                                                                                                                                                                  SHA-256:1AC6741551C70E8E0A9DA4A2EA62AD9AD9D015C1316970D302D871B7C0E0A913
                                                                                                                                                                  SHA-512:77E8D53622CA2B0EC1F909097C6D8104616AA5ED4020ACFC4D571AC7947B687ABA2AC3B2952FC74FB48265F22818619144F45500F97E61C7102AA3621ACE2C4C
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\ru\DevLib.resources.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):23936
                                                                                                                                                                  Entropy (8bit):6.692412241776463
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:D4Pr8mQNJp8+tMSbvI7pWCxIWuAWCD7aWCxIWuIWWcdSWsaN:8TnQtbAtwzAxywzIrISg
                                                                                                                                                                  MD5:B801EBDD868CAF7AB556BA26AAF812D7
                                                                                                                                                                  SHA1:65BC7A70BE4273744231BFA1A1A3F2E310555BA8
                                                                                                                                                                  SHA-256:9C963FAFD177BACF323635B59D0FCE099ED532E65D96057882A5905845B0D904
                                                                                                                                                                  SHA-512:C6DD245BB463CFB0535510E95FAF0A92DEECA5FA09CA16E93BA0EB733E7D87E13131200A9C979F29CA52E84657D94EF6A4D67950EB97453760EA36D77BDE9786
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\sciter32.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):5331328
                                                                                                                                                                  Entropy (8bit):6.5471822484399835
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:98304:OVQINUZjR4HXo0a8K9DxhTe5O4rEdrqNdN7Rs:zRR4HY0aDrqNdw
                                                                                                                                                                  MD5:3EC64AE938C6BE448BAF55E8D777536B
                                                                                                                                                                  SHA1:59F0B32FFC9815095863CD4B06BC4C5ECD772B1E
                                                                                                                                                                  SHA-256:2ECBE2E4A08EC7B7BA168F861F6FA48B77DABB97F2EB5E64812933E937A2027A
                                                                                                                                                                  SHA-512:90B6F9C7DAF3B8D3B7C468B1DD4C4FE473B9133858F33EA7A96ABE4360068721E2AB65BF52BB4FF1A56CA1CF0EEC1C8EC99824B22A9B31524C2B24DF7B5F16AD
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7zS8E59FB89\uTorrent.dll
                                                                                                                                                                  Process:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):22400
                                                                                                                                                                  Entropy (8bit):6.6338482251843836
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:xiNl8OMAb13l9vjeyql8baRZ+nI7pWCxIWuAWHfWCxIWuIWrumvSWsa:xiUqY8baRZ+ItwzAGwzIubvS
                                                                                                                                                                  MD5:B713B3D49C501A28FC4204E6D12D6212
                                                                                                                                                                  SHA1:9FCC806C7E8CA5B6293EDE0F5385860BB4DC3798
                                                                                                                                                                  SHA-256:5E1AFE1DB95DF9C9AC6A4BA0497ADCA79F816530F342F49D9385E4E0BDBD139C
                                                                                                                                                                  SHA-512:4E56D82F62037ED82DB5A3646244A7A582FABAE85E9A23000C414FD5BB21857DCCB705EC7D1C4A677842A7F024B232B7EEF93B9F2D79488A5C64E8040845638D
                                                                                                                                                                  Malicious:false

                                                                                                                                                                  Static File Info

                                                                                                                                                                  General

                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                  Entropy (8bit):7.992597798545731
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                  File name:BitTorrent.exe
                                                                                                                                                                  File size:4898768
                                                                                                                                                                  MD5:4e9b4526b63778c81d4b83b26cc5c93e
                                                                                                                                                                  SHA1:c7331436cfc402118212205f1428737f72087d07
                                                                                                                                                                  SHA256:ae2383eeac97ca7bb8454be49a392538d9f1f53f8512e0328b0d551ae5bbe393
                                                                                                                                                                  SHA512:e483f0f7e7cd9d3310f49f68237bf940f33be5db9bc1534b58a9ca0dda900cd0927fed4612ee3b69ad36ffca8c49435d363a880fda1293850904c37529fd7a11
                                                                                                                                                                  SSDEEP:98304:KG5Qgf7DI3oJFxIFPua+wzYl1crf54kCLJaMJ0IFFAOp4+t8kJzGOK57H9mXB:KG5TU3oJFedugo1eR4k8J954wDJzqo

                                                                                                                                                                  File Icon

                                                                                                                                                                  Icon Hash:f0d8bc72be9ed470

                                                                                                                                                                  Static PE Info

                                                                                                                                                                  General

                                                                                                                                                                  Entrypoint:0x4148d4
                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                  DLL Characteristics:
                                                                                                                                                                  Time Stamp:0x4DAC88CE [Mon Apr 18 18:54:06 2011 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                  File Version Major:4
                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                  Import Hash:e00de6e48b9b06aceb12a81e7bf494c9

                                                                                                                                                                  Authenticode Signature

Signature Valid: true
Signature Issuer: CN=Entrust Extended Validation Code Signing CA - EVCS1, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before, Not After
• 10/15/2020 1:12:59 PM, 10/15/2021 1:12:59 PM
Subject Chain
• CN="BitTorrent, Inc.", SERIALNUMBER=C3985926, OID.2.5.4.15=Private Organization, O="BitTorrent, Inc.", OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, L=San Francisco, S=California, C=US
Version: 3
Thumbprint MD5: EBBECACF8418EB2FCA98816B9AC31DD5
Thumbprint SHA-1: 1DDEF5F7A7F5B7370682763F4B3B4934DB81285D
Thumbprint SHA-256: ABB904EA48633B67645EF77F8B70D62D7F2E308ACCF359144B9F592025B1D4CD
Serial: 32E26622CB557B703549D8CD9787694E

                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                  Instruction
                                                                                                                                                                  push ebp
                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                  push FFFFFFFFh
                                                                                                                                                                  push 0041B9E8h
                                                                                                                                                                  push 004147FCh
                                                                                                                                                                  mov eax, dword ptr fs:[00000000h]
                                                                                                                                                                  push eax
                                                                                                                                                                  mov dword ptr fs:[00000000h], esp
                                                                                                                                                                  sub esp, 58h
                                                                                                                                                                  push ebx
                                                                                                                                                                  push esi
                                                                                                                                                                  push edi
                                                                                                                                                                  mov dword ptr [ebp-18h], esp
                                                                                                                                                                  call dword ptr [0041B078h]
                                                                                                                                                                  xor edx, edx
                                                                                                                                                                  mov dl, ah
                                                                                                                                                                  mov dword ptr [004233F0h], edx
                                                                                                                                                                  mov ecx, eax
                                                                                                                                                                  and ecx, 000000FFh
                                                                                                                                                                  mov dword ptr [004233ECh], ecx
                                                                                                                                                                  shl ecx, 08h
                                                                                                                                                                  add ecx, edx
                                                                                                                                                                  mov dword ptr [004233E8h], ecx
                                                                                                                                                                  shr eax, 10h
                                                                                                                                                                  mov dword ptr [004233E4h], eax
                                                                                                                                                                  push 00000001h
                                                                                                                                                                  call 00007F8BA4DAACBBh
                                                                                                                                                                  pop ecx
                                                                                                                                                                  test eax, eax
                                                                                                                                                                  jne 00007F8BA4DA9E2Ah
                                                                                                                                                                  push 0000001Ch
                                                                                                                                                                  call 00007F8BA4DA9EE8h
                                                                                                                                                                  pop ecx
                                                                                                                                                                  call 00007F8BA4DAA76Dh
                                                                                                                                                                  test eax, eax
                                                                                                                                                                  jne 00007F8BA4DA9E2Ah
                                                                                                                                                                  push 00000010h
                                                                                                                                                                  call 00007F8BA4DA9ED7h
                                                                                                                                                                  pop ecx
                                                                                                                                                                  xor esi, esi
                                                                                                                                                                  mov dword ptr [ebp-04h], esi
                                                                                                                                                                  call 00007F8BA4DAC8DCh
                                                                                                                                                                  call dword ptr [0041B07Ch]
                                                                                                                                                                  mov dword ptr [00425A5Ch], eax
                                                                                                                                                                  call 00007F8BA4DAC79Ah
                                                                                                                                                                  mov dword ptr [00423360h], eax
                                                                                                                                                                  call 00007F8BA4DAC543h
                                                                                                                                                                  call 00007F8BA4DAC485h
                                                                                                                                                                  call 00007F8BA4DABEE0h
                                                                                                                                                                  mov dword ptr [ebp-30h], esi
                                                                                                                                                                  lea eax, dword ptr [ebp-5Ch]
                                                                                                                                                                  push eax
                                                                                                                                                                  call dword ptr [0041B080h]
                                                                                                                                                                  call 00007F8BA4DAC416h
                                                                                                                                                                  mov dword ptr [ebp-64h], eax
                                                                                                                                                                  test byte ptr [ebp-30h], 00000001h
                                                                                                                                                                  je 00007F8BA4DA9E28h
                                                                                                                                                                  movzx eax, word ptr [ebp+00h]

                                                                                                                                                                  Rich Headers

                                                                                                                                                                  Programming Language:
                                                                                                                                                                  • [C++] VS98 (6.0) SP6 build 8804
                                                                                                                                                                  • [ASM] VS2010 build 30319
                                                                                                                                                                  • [EXP] VC++ 6.0 SP5 build 8804
                                                                                                                                                                  • [ C ] VS98 (6.0) SP6 build 8804
                                                                                                                                                                  • [ C ] VS2010 build 30319

                                                                                                                                                                  Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e9ac | 0x64 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x27000 | 0x32e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4a7e10 | 0x41c0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1b000 | 0x200 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                                                                                  Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x197c0 | 0x19800 | False | 0.583160998775 | DOS executable (COM) | 6.60822715389 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x1b000 | 0x4490 | 0x4600 | False | 0.312109375 | data | 4.38377551881 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x20000 | 0x5a68 | 0x3200 | False | 0.123828125 | data | 1.37933562353 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.sxdata | 0x26000 | 0x4 | 0x200 | False | 0.02734375 | data | 0.0203931352361 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ
.rsrc | 0x27000 | 0x32e8 | 0x3400 | False | 0.420072115385 | data | 5.86110384762 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                  Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x27204 | 0x25a8 | data | |
RT_DIALOG | 0x297ac | 0xb8 | data | English | United States
RT_STRING | 0x29864 | 0x94 | data | English | United States
RT_STRING | 0x298f8 | 0x34 | data | English | United States
RT_GROUP_ICON | 0x2992c | 0x14 | data | |
RT_VERSION | 0x29940 | 0x31c | data | English | United States
RT_MANIFEST | 0x29c5c | 0x68a | exported SGML document, ASCII text, with CRLF line terminators | English | United States

                                                                                                                                                                  Imports

DLL | Import
OLEAUT32.dll | VariantClear, SysAllocString
USER32.dll | SendMessageA, SetTimer, DialogBoxParamW, DialogBoxParamA, SetWindowLongA, GetWindowLongA, SetWindowTextW, LoadIconA, LoadStringW, LoadStringA, CharUpperW, CharUpperA, DestroyWindow, EndDialog, PostMessageA, ShowWindow, MessageBoxW, GetDlgItem, KillTimer, SetWindowTextA
SHELL32.dll | ShellExecuteExA
KERNEL32.dll | GetCurrentDirectoryA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, InterlockedIncrement, InterlockedDecrement, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, IsBadCodePtr, IsBadReadPtr, GetFileType, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, HeapSize, GetCurrentProcess, TerminateProcess, IsBadWritePtr, HeapCreate, HeapDestroy, GetEnvironmentVariableA, SetUnhandledExceptionFilter, TlsAlloc, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, WaitForSingleObject, CloseHandle, CreateProcessA, GetCommandLineW, GetVersionExA, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, GetLastError, LoadLibraryA, GetModuleFileNameW, GetModuleFileNameA, LocalFree, FormatMessageW, FormatMessageA, SetFileTime, CreateFileW, SetLastError, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryW, RemoveDirectoryA, CreateDirectoryW, CreateDirectoryA, DeleteFileW, DeleteFileA, GetFullPathNameW, GetFullPathNameA, SetCurrentDirectoryW, SetCurrentDirectoryA, GetCurrentDirectoryW, GetTempPathW, GetTempPathA, GetCurrentProcessId, GetTickCount, GetCurrentThreadId, FindClose, FindFirstFileW, FindFirstFileA, FindNextFileW, FindNextFileA, CreateFileA, GetFileSize, SetFilePointer, ReadFile, WriteFile, SetEndOfFile, GetStdHandle, WaitForMultipleObjects, Sleep, VirtualAlloc, VirtualFree, CreateEventA, SetEvent, ResetEvent, InitializeCriticalSection, RtlUnwind, RaiseException, HeapAlloc, HeapFree, HeapReAlloc, CreateThread, TlsSetValue, TlsGetValue, ExitThread

                                                                                                                                                                  Version Infos

Description | Data
LegalCopyright | 2020 BitTorrent, Inc. All Rights Reserved.
InternalName | BitTorrent.exe
FileVersion | 7.10.5.45857
CompanyName | BitTorrent Inc.
ProductName | BitTorrent
ProductVersion | 7.10.5.45857
FileDescription | BitTorrent
OriginalFilename | BitTorrent.exe
Translation | 0x0409 0x04b0

                                                                                                                                                                  Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                                                                                  Network Behavior

                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                  TCP Packets

                                                                                                                                                                  Jan 10, 2021 14:03:42.212260008 CET4971180192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:42.213685036 CET4971180192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:42.253957033 CET8049711104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:42.254165888 CET4971180192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:50.188544989 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:50.231584072 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:50.231678963 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:50.314346075 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:50.354749918 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:50.356013060 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:50.356050014 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:50.356127977 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:50.567698002 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:50.608141899 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:50.608194113 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:50.661973953 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:51.516354084 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:51.556552887 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:51.556638956 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:51.596769094 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:51.872920990 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:51.872951031 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:51.873018980 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:52.635272980 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:52.675538063 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:52.675718069 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:52.715965033 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:52.798144102 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:52.838349104 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:52.838557005 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:52.958823919 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:52.979895115 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:52.979943991 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:52.980115891 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:52.998946905 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:53.001343966 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:53.001380920 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:53.001512051 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:53.838258028 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:53.878334999 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:53.879107952 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:53.943119049 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.008845091 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.048932076 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.049088001 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.089005947 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726743937 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726771116 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726846933 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726871014 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726886988 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726902962 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.726911068 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726936102 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726957083 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726959944 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.726969957 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.726974010 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.726994038 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.727011919 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.727054119 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:54.921184063 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:54.921375036 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:54.961184025 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.961200953 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.961307049 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.961321115 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.961425066 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:54.961440086 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.077514887 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.099282980 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.099327087 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.099400997 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.117666006 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.205498934 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.245760918 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.245883942 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.286007881 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.425128937 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.465522051 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.465635061 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.469928980 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.469970942 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.470071077 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.479332924 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.479650021 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.519449949 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.519610882 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.519680023 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.524776936 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.528345108 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.553153038 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.559839010 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.568495989 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.593650103 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.763112068 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.763139009 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.763278008 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:55.901108980 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901129007 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901139975 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901148081 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901160002 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901171923 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901184082 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901216030 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901235104 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901276112 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901299000 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901310921 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901357889 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901407003 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901416063 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901421070 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901424885 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901460886 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901478052 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901494026 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901504993 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:55.901540995 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901562929 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:55.901597977 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.134768009 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.134799004 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.135771036 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135790110 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135804892 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135821104 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135838032 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135858059 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135875940 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135890961 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135906935 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135921001 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.135930061 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.135967970 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.135973930 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.135977983 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.135998011 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.162748098 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192696095 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192745924 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192783117 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192821026 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192846060 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.192862988 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192874908 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.192900896 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192924976 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.192939997 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.192998886 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193005085 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193044901 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193080902 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193100929 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193109035 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193145990 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193166971 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193193913 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193236113 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193267107 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193274021 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193311930 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193330050 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193350077 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193408966 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193422079 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193449020 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193485975 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193506002 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193517923 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193567991 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193578005 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193609953 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193646908 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193664074 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193686008 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193722963 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193738937 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193757057 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193810940 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.193883896 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193926096 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193963051 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.193989038 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.194000959 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194040060 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194062948 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.194076061 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194113970 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194129944 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.194149971 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194196939 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194235086 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.194237947 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194272995 CET44349713104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.194294930 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.225300074 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:56.265618086 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.265678883 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:56.306790113 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.325275898 CET49713443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.419166088 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.419217110 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.419332027 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:56.420118093 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:56.464062929 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.464176893 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:56.504369020 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.633219004 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.633265018 CET44349712104.18.87.101192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.633332968 CET49712443192.168.2.3104.18.87.101
                                                                                                                                                                  Jan 10, 2021 14:03:56.737591982 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737639904 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737680912 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737718105 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737759113 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737781048 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.737795115 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737818956 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.737823963 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737855911 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.737863064 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737900972 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737920046 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.737927914 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737965107 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.737988949 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.738012075 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738054037 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738071918 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.738090992 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738128901 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738156080 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738156080 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.738192081 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738212109 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.738229990 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738266945 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738289118 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.738313913 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738356113 CET44349716104.16.235.79192.168.2.3
                                                                                                                                                                  Jan 10, 2021 14:03:56.738374949 CET49716443192.168.2.3104.16.235.79
                                                                                                                                                                  Jan 10, 2021 14:03:56.738393068 CET44349716104.16.235.79192.168.2.3

                                                                                                                                                                  UDP Packets


DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 10, 2021 14:03:40.601710081 CET | 192.168.2.3 | 8.8.8.8 | 0x64fe | Standard query (0) | flow.lavasoft.com | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:41.889723063 CET | 192.168.2.3 | 8.8.8.8 | 0x7b49 | Standard query (0) | flow.lavasoft.com | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:50.106206894 CET | 192.168.2.3 | 8.8.8.8 | 0x7429 | Standard query (0) | flow.lavasoft.com | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:52.737245083 CET | 192.168.2.3 | 8.8.8.8 | 0x1a24 | Standard query (0) | sos.adaware.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 10, 2021 14:03:40.658379078 CET | 8.8.8.8 | 192.168.2.3 | 0x64fe | No error (0) | flow.lavasoft.com | | 104.18.87.101 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:40.658379078 CET | 8.8.8.8 | 192.168.2.3 | 0x64fe | No error (0) | flow.lavasoft.com | | 104.18.88.101 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:41.946139097 CET | 8.8.8.8 | 192.168.2.3 | 0x7b49 | No error (0) | flow.lavasoft.com | | 104.18.87.101 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:41.946139097 CET | 8.8.8.8 | 192.168.2.3 | 0x7b49 | No error (0) | flow.lavasoft.com | | 104.18.88.101 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:50.168581963 CET | 8.8.8.8 | 192.168.2.3 | 0x7429 | No error (0) | flow.lavasoft.com | | 104.18.87.101 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:50.168581963 CET | 8.8.8.8 | 192.168.2.3 | 0x7429 | No error (0) | flow.lavasoft.com | | 104.18.88.101 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:52.796694040 CET | 8.8.8.8 | 192.168.2.3 | 0x1a24 | No error (0) | sos.adaware.com | | 104.16.235.79 | A (IP address) | IN (0x0001)
Jan 10, 2021 14:03:52.796694040 CET | 8.8.8.8 | 192.168.2.3 | 0x1a24 | No error (0) | sos.adaware.com | | 104.16.236.79 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• flow.lavasoft.com

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49710 | 104.18.87.101 | 80 | C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 10, 2021 14:03:40.774167061 CET | 0 | OUT | POST /v1/event-stat?ProductID=IS&Type=StubBundleStart HTTP/1.1
Host: flow.lavasoft.com
Accept: application/json
Content-Type: application/json
charsets: utf-8
Content-Length: 151
Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d","InProcess":"true"}}
Jan 10, 2021 14:03:40.938373089 CET | 3 | IN | HTTP/1.1 200 OK
Date: Sun, 10 Jan 2021 13:03:40 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d424499eb43f8c08b7d7d637f273e8ceb1610283820; expires=Tue, 09-Feb-21 13:03:40 GMT; path=/; domain=.lavasoft.com; HttpOnly; SameSite=Lax
Access-Control-Allow-Origin: https://www.adaware.com
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
Access-Control-Expose-Headers: Content-Length,Content-Range
CF-Cache-Status: DYNAMIC
cf-request-id: 078dfe3f050000dfefcd0d2000000001
Server: cloudflare
CF-RAY: 60f699780f43dfef-FRA
Data Ascii: 1d{"message":"Event persisted"}
Jan 10, 2021 14:03:40.938457966 CET | 3 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49709 | 104.18.87.101 | 80 | C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 10, 2021 14:03:40.774962902 CET | 1 | OUT | POST /v1/event-stat?ProductID=IS&Type=StubPreUAC HTTP/1.1
Host: flow.lavasoft.com
Accept: application/json
Content-Type: application/json
charsets: utf-8
Content-Length: 132
                                                                                                                                                                  Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d"}}
Jan 10, 2021 14:03:40.929147005 CET | 2 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Sun, 10 Jan 2021 13:03:40 GMT
                                                                                                                                                                  Content-Type: application/json; charset=utf-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Set-Cookie: __cfduid=d9a206e50b9618c53842d59c0c438f44b1610283820; expires=Tue, 09-Feb-21 13:03:40 GMT; path=/; domain=.lavasoft.com; HttpOnly; SameSite=Lax
                                                                                                                                                                  Access-Control-Allow-Origin: https://www.adaware.com
                                                                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                  Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                                                                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Range
                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                  cf-request-id: 078dfe3f0600001f2d14210000000001
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 60f6997809241f2d-FRA
                                                                                                                                                                  Data Ascii: 1d{"message":"Event persisted"}
Jan 10, 2021 14:03:40.929172993 CET | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49711 | 104.18.87.101 | 80 | C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
Timestamp | kBytes transferred | Direction | Data
Jan 10, 2021 14:03:42.034866095 CET | 4 | OUT | POST /v1/event-stat?ProductID=IS&Type=StubPostUAC HTTP/1.1
                                                                                                                                                                  Host: flow.lavasoft.com
                                                                                                                                                                  Accept: application/json
                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                  charsets: utf-8
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Data Ascii: {"Data":{"BundleId":"BT002","MachineId":"a6f99072-5c08-6c64-f019-882b17a0b45e","InstallId":"94dede78-7c65-427c-87a2-be00dd52627d","Message":"UAC-Yes"}}
Jan 10, 2021 14:03:42.212119102 CET | 5 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Sun, 10 Jan 2021 13:03:42 GMT
                                                                                                                                                                  Content-Type: application/json; charset=utf-8
                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                  Set-Cookie: __cfduid=db6d69474e9943e43855290b953392fe51610283822; expires=Tue, 09-Feb-21 13:03:42 GMT; path=/; domain=.lavasoft.com; HttpOnly; SameSite=Lax
                                                                                                                                                                  Access-Control-Allow-Origin: https://www.adaware.com
                                                                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                  Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Access-Control-Allow-Origin
                                                                                                                                                                  Access-Control-Expose-Headers: Content-Length,Content-Range
                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                  cf-request-id: 078dfe43f4000016e60302e000000001
                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                  CF-RAY: 60f6997fec3816e6-FRA
                                                                                                                                                                  Data Ascii: 1d{"message":"Event persisted"}
Jan 10, 2021 14:03:42.212181091 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                  HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jan 10, 2021 14:03:50.356050014 CET | 104.18.87.101 | 443 | 192.168.2.3 | 49712 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | Wed Jul 29 02:00:00 CEST 2020 | Thu Jul 29 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 3b5074b1b5d032e5620f69f9f700ff0e
 | | | | | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |
Jan 10, 2021 14:03:53.001380920 CET | 104.16.235.79 | 443 | 192.168.2.3 | 49713 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | Sat Aug 15 02:00:00 CEST 2020 | Sun Aug 15 14:00:00 CEST 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 3b5074b1b5d032e5620f69f9f700ff0e
 | | | | | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | |

                                                                                                                                                                  Code Manipulations

                                                                                                                                                                  System Behavior

                                                                                                                                                                  General

                                                                                                                                                                  Start time:14:03:36
                                                                                                                                                                  Start date:10/01/2021
                                                                                                                                                                  Path:C:\Users\user\Desktop\BitTorrent.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:'C:\Users\user\Desktop\BitTorrent.exe'
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  File size:4898768 bytes
                                                                                                                                                                  MD5 hash:4E9B4526B63778C81D4B83B26CC5C93E
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low

                                                                                                                                                                  General

                                                                                                                                                                  Start time:14:03:38
                                                                                                                                                                  Start date:10/01/2021
                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\installer.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:.\installer.exe
                                                                                                                                                                  Imagebase:0x2e0000
                                                                                                                                                                  File size:1674624 bytes
                                                                                                                                                                  MD5 hash:F6D8E4BD66542159EA410117FA31717C
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:low

                                                                                                                                                                  General

                                                                                                                                                                  Start time:14:03:40
                                                                                                                                                                  Start date:10/01/2021
                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                  Commandline:'C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe' C:\Users\user\AppData\Local\Temp\7zS8E59FB89\GenericSetup.exe
                                                                                                                                                                  Imagebase:0x3a0000
                                                                                                                                                                  File size:28544 bytes
                                                                                                                                                                  MD5 hash:AEA3BF7F054564889ED5FAFAE481D1B7
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 0%, Metadefender, Browse
                                                                                                                                                                  • Detection: 4%, ReversingLabs
                                                                                                                                                                  Reputation:low

                                                                                                                                                                  General

                                                                                                                                                                  Start time:14:03:48
                                                                                                                                                                  Start date:10/01/2021
                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\7zS8E59FB89\Carrier.exe
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  File size:1960416 bytes
                                                                                                                                                                  MD5 hash:9F65E9BF390B1B9E714A2759BB995EBD
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 8%, Metadefender, Browse
                                                                                                                                                                  • Detection: 14%, ReversingLabs
                                                                                                                                                                  Reputation:low

                                                                                                                                                                  Disassembly

                                                                                                                                                                  Code Analysis

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:17.4%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                    Signature Coverage:1.8%
                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                    Total number of Limit Nodes:21

                                                                                                                                                                    Graph

13220->13222 13222->13198 13223->13201 13225 416380 HeapAlloc 13224->13225 13226 416379 13224->13226 13227 41639d VirtualAlloc 13225->13227 13232 4163d5 ctype 13225->13232 13226->13227 13228 416492 13227->13228 13229 4163bd VirtualAlloc 13227->13229 13230 41649a HeapFree 13228->13230 13228->13232 13231 416484 VirtualFree 13229->13231 13229->13232 13230->13232 13231->13228 13232->13208 13233->13211 13235 4175d7 13234->13235 13236 417606 ctype 7 API calls 13235->13236 13239 417604 13235->13239 13237 4175ee 13236->13237 13238 417606 ctype 7 API calls 13237->13238 13238->13239 13239->13166 13242 417619 13240->13242 13241 417730 ctype 13244 417743 GetStdHandle WriteFile 13241->13244 13242->13241 13243 417659 13242->13243 13248 4149f3 13242->13248 13245 417665 GetModuleFileNameA 13243->13245 13243->13248 13244->13248 13246 41767d ctype 13245->13246 13249 4180f0 13246->13249 13248->13135 13250 4180fd LoadLibraryA 13249->13250 13251 41813f 13249->13251 13250->13251 13252 41810e GetProcAddress 13250->13252 13251->13248 13252->13251 13253 418125 GetProcAddress GetProcAddress 13252->13253 13253->13251 13254->13153 13258 416513 13255->13258 13256 4165c3 13256->13155 13257 416534 VirtualFree 13257->13258 13258->13256 13258->13257 13260 4164b0 VirtualFree 13258->13260 13261 4164cd 13260->13261 13262 4164fd 13261->13262 13263 4164dd HeapFree 13261->13263 13262->13258 13263->13258 13264->13160 13265 410f30 13266 413d6f ctype 29 API calls 13265->13266 13267 410f36 13266->13267 13268 409374 13269 413030 2 API calls 13268->13269 13270 40938f GetDlgItem 13269->13270 13271 4093a6 LoadIconA SendMessageA 13270->13271 13272 4093c8 SetTimer 13270->13272 13271->13272 13277 405eeb 13272->13277 13278 405ef5 __EH_prolog 13277->13278 13279 405f16 13278->13279 13280 405f07 SetWindowTextW 13278->13280 13292 401cb5 13279->13292 13281 405f4b 13280->13281 13289 40970a 13281->13289 13286 403a63 ctype 29 API calls 13287 405f43 13286->13287 13288 403a63 ctype 29 API calls 13287->13288 13288->13281 
13290 409713 PostMessageA 13289->13290 13291 4093ec 13289->13291 13290->13291 13293 401cd3 13292->13293 13299 40218d 13293->13299 13296 403d8e 13311 403ccd 13296->13311 13300 40219d 13299->13300 13304 401ce9 13299->13304 13305 403a3d 13300->13305 13303 403a63 ctype 29 API calls 13303->13304 13304->13296 13306 413c35 ctype 29 API calls 13305->13306 13307 403a48 13306->13307 13308 4021a7 13307->13308 13310 413b0d RaiseException 13307->13310 13308->13303 13308->13304 13310->13308 13312 403cd7 __EH_prolog 13311->13312 13324 40245b 13312->13324 13315 403d5d 13330 403dae 13315->13330 13316 403d1a WideCharToMultiByte 13316->13315 13319 403d48 13316->13319 13318 40245b 30 API calls 13318->13316 13333 413b0d RaiseException 13319->13333 13322 403a63 ctype 29 API calls 13323 403d7a SetWindowTextA 13322->13323 13323->13286 13325 402496 13324->13325 13326 40246b 13324->13326 13325->13315 13325->13316 13325->13318 13327 403a3d 30 API calls 13326->13327 13328 402472 13327->13328 13328->13325 13329 403a63 ctype 29 API calls 13328->13329 13329->13325 13331 40245b 30 API calls 13330->13331 13332 403d72 13331->13332 13332->13322 13333->13315 13334 403724 13339 403740 13334->13339 13337 403739 13338 403a63 ctype 29 API calls 13338->13337 13340 40374a __EH_prolog 13339->13340 13355 4037d4 13340->13355 13342 40376d 13343 403a63 ctype 29 API calls 13342->13343 13344 403778 13343->13344 13359 4036b9 DeleteCriticalSection 13344->13359 13347 403a63 ctype 29 API calls 13348 403789 13347->13348 13349 403a63 ctype 29 API calls 13348->13349 13350 4037a3 13349->13350 13351 403a63 ctype 29 API calls 13350->13351 13352 4037ab 13351->13352 13353 403a63 ctype 29 API calls 13352->13353 13354 40372c 13353->13354 13354->13337 13354->13338 13356 4037e1 DestroyWindow 13355->13356 13357 4037dd 13355->13357 13358 4037f1 13356->13358 13357->13342 13358->13342 13360 412fb0 ctype 2 API calls 13359->13360 13361 4036ce 13360->13361 13362 403a63 ctype 29 API calls 13361->13362 13363 4036d6 13362->13363 
13363->13347 13364 4148d4 GetVersion 13395 4157c8 HeapCreate 13364->13395 13366 414932 13367 414937 13366->13367 13368 41493f 13366->13368 13828 414a01 13367->13828 13407 41528c 13368->13407 13372 414944 13373 414950 13372->13373 13374 414948 13372->13374 13417 417411 13373->13417 13375 414a01 8 API calls 13374->13375 13377 41494f 13375->13377 13377->13373 13378 41495a GetCommandLineA 13431 4172df 13378->13431 13382 414974 13463 416fd9 13382->13463 13384 414979 13385 41497e GetStartupInfoA 13384->13385 13476 416f81 13385->13476 13387 414990 GetModuleHandleA 13480 401014 13387->13480 13396 4157e8 13395->13396 13397 41581e 13395->13397 13842 415680 13396->13842 13397->13366 13400 415804 13402 415821 13400->13402 13404 41636c ctype 5 API calls 13400->13404 13401 4157f7 13854 415825 HeapAlloc 13401->13854 13402->13366 13405 415801 13404->13405 13405->13402 13406 415812 HeapDestroy 13405->13406 13406->13397 13957 4154b1 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 13407->13957 13409 415292 TlsAlloc 13410 4152a2 13409->13410 13411 4152dc 13409->13411 13412 416ccc 30 API calls 13410->13412 13411->13372 13413 4152ab 13412->13413 13413->13411 13414 4152b3 TlsSetValue 13413->13414 13414->13411 13415 4152c4 13414->13415 13416 4152ca GetCurrentThreadId 13415->13416 13416->13372 13418 413c35 ctype 29 API calls 13417->13418 13419 417424 13418->13419 13420 417432 GetStartupInfoA 13419->13420 13421 4149dc ctype 7 API calls 13419->13421 13427 417551 13420->13427 13430 417480 13420->13430 13421->13420 13423 41757c GetStdHandle 13426 41758a GetFileType 13423->13426 13423->13427 13424 4175bc SetHandleCount 13424->13378 13425 413c35 ctype 29 API calls 13425->13430 13426->13427 13427->13423 13427->13424 13428 4174f7 13428->13427 13429 417519 GetFileType 13428->13429 13429->13428 13430->13425 13430->13427 13430->13428 13432 4172fa GetEnvironmentStringsW 13431->13432 13433 41732d 13431->13433 13435 417302 13432->13435 13436 41730e 
GetEnvironmentStrings 13432->13436 13434 41731e 13433->13434 13433->13435 13437 41496a 13434->13437 13440 4173c0 GetEnvironmentStrings 13434->13440 13441 4173cc 13434->13441 13438 417346 WideCharToMultiByte 13435->13438 13439 41733a GetEnvironmentStringsW 13435->13439 13436->13434 13436->13437 13454 417092 13437->13454 13443 41737a 13438->13443 13444 4173ac FreeEnvironmentStringsW 13438->13444 13439->13437 13439->13438 13440->13437 13440->13441 13445 413c35 ctype 29 API calls 13441->13445 13446 413c35 ctype 29 API calls 13443->13446 13444->13437 13452 4173e7 13445->13452 13447 417380 13446->13447 13447->13444 13448 417389 WideCharToMultiByte 13447->13448 13450 4173a3 13448->13450 13451 41739a 13448->13451 13449 4173fd FreeEnvironmentStringsA 13449->13437 13450->13444 13453 413d6f ctype 29 API calls 13451->13453 13452->13449 13453->13450 13455 4170a4 13454->13455 13456 4170a9 GetModuleFileNameA 13454->13456 13958 417fe2 13455->13958 13458 4170cc 13456->13458 13459 413c35 ctype 29 API calls 13458->13459 13460 4170ed 13459->13460 13461 4170fd 13460->13461 13462 4149dc ctype 7 API calls 13460->13462 13461->13382 13462->13461 13464 416fe6 13463->13464 13467 416feb ctype 13463->13467 13465 417fe2 48 API calls 13464->13465 13465->13467 13466 413c35 ctype 29 API calls 13468 417018 13466->13468 13467->13466 13469 4149dc ctype 7 API calls 13468->13469 13475 41702c ctype 13468->13475 13469->13475 13470 41706f 13471 413d6f ctype 29 API calls 13470->13471 13472 41707b 13471->13472 13472->13384 13473 413c35 ctype 29 API calls 13473->13475 13474 4149dc ctype 7 API calls 13474->13475 13475->13470 13475->13473 13475->13474 13477 416f8a 13476->13477 13479 416f8f 13476->13479 13478 417fe2 48 API calls 13477->13478 13478->13479 13479->13387 13987 401a7b GetVersionExA 13480->13987 13483 40218d 30 API calls 13484 401055 13483->13484 13485 40218d 30 API calls 13484->13485 13486 401067 13485->13486 13487 40218d 30 API calls 13486->13487 13488 401079 13487->13488 13489 40218d 30 API calls 
13488->13489 13490 40108b GetCommandLineW 13489->13490 13491 401cb5 30 API calls 13490->13491 13492 40109a 13491->13492 13989 4038d7 13492->13989 13495 403a63 ctype 29 API calls 13496 4010b4 13495->13496 13497 40218d 30 API calls 13496->13497 13498 4010c7 13497->13498 13999 40460b 13498->13999 13505 401cb5 30 API calls 13506 4010ef 13505->13506 14029 401e6f 13506->14029 13511 403a63 ctype 29 API calls 13512 401112 13511->13512 13513 403a63 ctype 29 API calls 13512->13513 13514 40111a 13513->13514 13515 401154 13514->13515 14158 401e4e 13514->14158 13516 40245b 30 API calls 13515->13516 13518 401166 13516->13518 14036 401b11 13518->14036 13522 40117c 13524 401180 13522->13524 13525 401199 13522->13525 13527 401191 13524->13527 14165 410ec0 MessageBoxW 13524->14165 13528 401cb5 30 API calls 13525->13528 13526 403a63 ctype 29 API calls 13529 401143 13526->13529 13533 403a63 ctype 29 API calls 13527->13533 13531 4011a9 13528->13531 13532 40237b 30 API calls 13529->13532 13535 40218d 30 API calls 13531->13535 13534 40114c 13532->13534 13536 401a2f 13533->13536 13537 402340 30 API calls 13534->13537 13542 4011bb 13535->13542 13539 403a63 ctype 29 API calls 13536->13539 13537->13515 13538 4014b2 14043 401c9d 13538->14043 13540 401a37 13539->13540 13543 403a63 ctype 29 API calls 13540->13543 13542->13538 14166 403de4 13542->14166 13546 401a3f 13543->13546 13549 403a63 ctype 29 API calls 13546->13549 13553 401a47 13549->13553 13551 4011f2 13729 401203 13551->13729 14193 410ec0 MessageBoxW 13551->14193 13552 40120b 13557 401cb5 30 API calls 13552->13557 13556 403a63 ctype 29 API calls 13553->13556 13554 4014f1 13558 403a3d 30 API calls 13554->13558 13555 4014d8 13607 4014e9 13555->13607 14201 410ec0 MessageBoxW 13555->14201 13560 401a4f 13556->13560 13562 401218 13557->13562 13571 4014f8 13558->13571 13565 403a63 ctype 29 API calls 13560->13565 14194 4040fd 13562->14194 13563 404349 ctype 34 API calls 13567 401341 13563->13567 13564 40536a 43 API calls 13568 401a06 
13564->13568 13569 401392 13565->13569 13572 404320 ctype 34 API calls 13567->13572 13573 403a63 ctype 29 API calls 13568->13573 13834 416a66 13569->13834 14062 407f8e 13571->14062 13575 40134c 13572->13575 13577 401a11 13573->13577 13574 403a63 ctype 29 API calls 13578 401232 13574->13578 13580 403a63 ctype 29 API calls 13575->13580 13582 403a63 ctype 29 API calls 13577->13582 13579 401cb5 30 API calls 13578->13579 13583 401241 13579->13583 13584 401354 13580->13584 13587 401a19 13582->13587 13588 4040fd 30 API calls 13583->13588 13589 403a63 ctype 29 API calls 13584->13589 13585 401529 14202 410ec0 MessageBoxW 13585->14202 13586 40153a 14072 401d16 13586->14072 13592 403a63 ctype 29 API calls 13587->13592 13593 401253 13588->13593 13594 40135f 13589->13594 13592->13527 13596 403a63 ctype 29 API calls 13593->13596 13597 403a63 ctype 29 API calls 13594->13597 13600 40125b 13596->13600 13601 401367 13597->13601 13598 40218d 30 API calls 13599 401561 13598->13599 14075 402efe 13599->14075 13603 401cb5 30 API calls 13600->13603 13604 403a63 ctype 29 API calls 13601->13604 13606 40126a 13603->13606 13608 40136f 13604->13608 13611 4040fd 30 API calls 13606->13611 13607->13564 13612 403a63 ctype 29 API calls 13608->13612 13609 401584 13620 4015b5 13609->13620 13648 4015ef 13609->13648 14203 405ed1 13609->14203 13610 4015f8 13614 403a63 ctype 29 API calls 13610->13614 13615 40127f 13611->13615 13613 401377 13612->13613 13616 403a63 ctype 29 API calls 13613->13616 13617 401600 13614->13617 13618 403a63 ctype 29 API calls 13615->13618 13619 40137f 13616->13619 13622 401c9d 30 API calls 13617->13622 13623 401287 13618->13623 13625 403a63 ctype 29 API calls 13619->13625 13635 405ed1 33 API calls 13620->13635 13620->13648 13627 401609 13622->13627 13628 403b38 ctype 5 API calls 13623->13628 13624 403a63 ctype 29 API calls 13629 401924 13624->13629 13631 401387 13625->13631 14115 404f70 13627->14115 13634 401298 13628->13634 13630 403a63 ctype 29 API calls 13629->13630 13636 
40192f 13630->13636 13637 403a63 ctype 29 API calls 13631->13637 13632 401daf 30 API calls 13638 4015aa 13632->13638 13640 401cb5 30 API calls 13634->13640 13641 4015d5 MessageBoxW 13635->13641 13646 40536a 43 API calls 13636->13646 13637->13569 13642 403a63 ctype 29 API calls 13638->13642 13644 4012af 13640->13644 13645 403a63 ctype 29 API calls 13641->13645 13642->13620 13657 403a63 ctype 29 API calls 13644->13657 13645->13648 13649 401946 13646->13649 13647 40161c 13650 401650 13647->13650 13651 401620 13647->13651 13648->13624 13652 403a63 ctype 29 API calls 13649->13652 13653 4017b4 13650->13653 13654 401659 13650->13654 13655 404f2c 33 API calls 13651->13655 13658 401951 13652->13658 13660 4017ec 13653->13660 14215 401d50 13653->14215 13659 401a66 31 API calls 13654->13659 13656 401628 13655->13656 13661 403a63 ctype 29 API calls 13656->13661 13662 4012c7 13657->13662 13664 403a63 ctype 29 API calls 13658->13664 13665 401664 13659->13665 13663 401d16 30 API calls 13660->13663 13667 401630 13661->13667 13676 401daf 30 API calls 13662->13676 13678 4012e4 13662->13678 13668 4017fb 13663->13668 13669 401959 13664->13669 13670 401692 13665->13670 13671 40169e 13665->13671 13675 403a63 ctype 29 API calls 13667->13675 14137 405bad 13668->14137 13680 403a63 ctype 29 API calls 13669->13680 14206 401e18 13670->14206 13673 401a66 31 API calls 13671->13673 13682 4016a9 ShellExecuteExA 13673->13682 13675->13607 13676->13678 13677 40139a 13684 401cb5 30 API calls 13677->13684 13678->13677 13685 4012f6 MessageBoxW 13678->13685 13687 401964 13680->13687 13688 401798 13682->13688 13689 4016e8 13682->13689 13691 4013a7 13684->13691 13685->13677 13692 40130e 13685->13692 13694 403a63 ctype 29 API calls 13687->13694 13697 403a63 ctype 29 API calls 13688->13697 13695 4016f9 13689->13695 14209 410ec0 MessageBoxW 13689->14209 13698 4040fd 30 API calls 13691->13698 13699 403a63 ctype 29 API calls 13692->13699 13693 401cb5 30 API calls 13700 401810 13693->13700 13701 40196c 
13694->13701 13704 403a63 ctype 29 API calls 13695->13704 13705 4017a6 13697->13705 13707 4013bc 13698->13707 13708 401319 13699->13708 14141 401e8b 13700->14141 13710 403a63 ctype 29 API calls 13701->13710 13712 401701 13704->13712 13713 403a63 ctype 29 API calls 13705->13713 13714 401daf 30 API calls 13707->13714 13715 403a63 ctype 29 API calls 13708->13715 13711 401974 13710->13711 13717 403a63 ctype 29 API calls 13711->13717 13718 403a63 ctype 29 API calls 13712->13718 13719 4017ae 13713->13719 13720 4013c5 13714->13720 13721 401321 13715->13721 13725 40197c 13717->13725 13726 401709 13718->13726 13727 4019bf 13719->13727 13728 403a63 ctype 29 API calls 13720->13728 13723 403a63 ctype 29 API calls 13721->13723 13722 403a63 ctype 29 API calls 13724 401828 13722->13724 13723->13729 13731 403a63 ctype 29 API calls 13725->13731 13735 4013d0 13728->13735 13729->13563 13738 401984 13731->13738 13736 403a63 ctype 29 API calls 13735->13736 13741 4013d8 13736->13741 13743 403a63 ctype 29 API calls 13738->13743 13747 401cb5 30 API calls 13741->13747 13749 40198c 13743->13749 13752 4013e7 13747->13752 13754 403a63 ctype 29 API calls 13749->13754 13757 4040fd 30 API calls 13752->13757 13754->13569 13760 4013fc 13757->13760 13763 401daf 30 API calls 13760->13763 13766 401405 13763->13766 13769 403a63 ctype 29 API calls 13766->13769 13773 401410 13769->13773 13778 403a63 ctype 29 API calls 13773->13778 13782 401418 13778->13782 13785 401cb5 30 API calls 13782->13785 13788 401427 13785->13788 13792 4040fd 30 API calls 13788->13792 13796 401440 13792->13796 13797 402635 30 API calls 13796->13797 13801 40144d 13797->13801 13803 401daf 30 API calls 13801->13803 13806 401456 13803->13806 13808 403a63 ctype 29 API calls 13806->13808 13810 401461 13808->13810 13812 403a63 ctype 29 API calls 13810->13812 13814 40146c 13812->13814 13816 403a63 ctype 29 API calls 13814->13816 13818 401474 13816->13818 13819 403a63 ctype 29 API calls 13818->13819 13820 40147f 13819->13820 13821 403a63 
ctype 29 API calls 13820->13821 13822 401487 13821->13822 13823 403a63 ctype 29 API calls 13822->13823 13824 40148f 13823->13824 13825 404349 ctype 34 API calls 13824->13825 13826 4014a7 13825->13826 13827 404320 ctype 34 API calls 13826->13827 13827->13538 13829 414a0a 13828->13829 13830 414a0f 13828->13830 13831 4175cd ctype 7 API calls 13829->13831 13832 417606 ctype 7 API calls 13830->13832 13831->13830 13833 414a18 ExitProcess 13832->13833 16340 416a88 13834->16340 13837 416e09 13838 4152f3 35 API calls 13837->13838 13839 416e14 13838->13839 13840 416f3a UnhandledExceptionFilter 13839->13840 13841 4149ce 13839->13841 13840->13841 13856 413a90 13842->13856 13845 4156c3 GetEnvironmentVariableA 13849 4156e2 13845->13849 13853 4157a0 13845->13853 13846 4156a9 13846->13845 13847 4156bb 13846->13847 13847->13400 13847->13401 13850 415727 GetModuleFileNameA 13849->13850 13851 41571f 13849->13851 13850->13851 13851->13853 13858 4177c0 13851->13858 13853->13847 13861 415653 GetModuleHandleA 13853->13861 13855 415841 13854->13855 13855->13405 13857 413a9c GetVersionExA 13856->13857 13857->13845 13857->13846 13863 4177d7 13858->13863 13862 41566a 13861->13862 13862->13847 13866 4177ef 13863->13866 13865 41781f 13867 418578 6 API calls 13865->13867 13869 417948 13865->13869 13871 4177d3 13865->13871 13876 41843d 13865->13876 13866->13865 13872 418578 13866->13872 13867->13865 13869->13871 13887 416cba 13869->13887 13871->13853 13873 418596 13872->13873 13875 41858a 13872->13875 13890 41883c 13873->13890 13875->13866 13877 41845b InterlockedIncrement 13876->13877 13886 418448 13876->13886 13878 418477 InterlockedDecrement 13877->13878 13881 418481 13877->13881 13879 4154da ctype 29 API calls 13878->13879 13879->13881 13902 4184ac 13881->13902 13883 4184a1 InterlockedDecrement 13883->13886 13884 418497 13908 41553b LeaveCriticalSection 13884->13908 13886->13865 13927 4152f3 GetLastError TlsGetValue 13887->13927 13889 416cbf 13889->13871 13891 41886d GetStringTypeW 
13890->13891 13895 418885 13890->13895 13892 418889 GetStringTypeA 13891->13892 13891->13895 13892->13895 13896 418971 13892->13896 13893 4188b0 GetStringTypeA 13893->13896 13894 4188d4 13894->13896 13898 4188ea MultiByteToWideChar 13894->13898 13895->13893 13895->13894 13896->13875 13898->13896 13899 41890e ctype 13898->13899 13899->13896 13900 418948 MultiByteToWideChar 13899->13900 13900->13896 13901 418961 GetStringTypeW 13900->13901 13901->13896 13903 4184d7 13902->13903 13907 41848e 13902->13907 13904 4184f3 13903->13904 13905 418578 6 API calls 13903->13905 13904->13907 13909 4185ed 13904->13909 13905->13904 13907->13883 13907->13884 13908->13886 13910 418639 13909->13910 13911 41861d LCMapStringW 13909->13911 13914 418682 LCMapStringA 13910->13914 13915 41869f 13910->13915 13911->13910 13912 418641 LCMapStringA 13911->13912 13912->13910 13913 41877b 13912->13913 13913->13907 13914->13913 13915->13913 13916 4186b5 MultiByteToWideChar 13915->13916 13916->13913 13917 4186df 13916->13917 13917->13913 13918 418715 MultiByteToWideChar 13917->13918 13918->13913 13919 41872e LCMapStringW 13918->13919 13919->13913 13920 418749 13919->13920 13921 41874f 13920->13921 13923 41878f 13920->13923 13921->13913 13922 41875d LCMapStringW 13921->13922 13922->13913 13923->13913 13924 4187c7 LCMapStringW 13923->13924 13924->13913 13925 4187df WideCharToMultiByte 13924->13925 13925->13913 13928 41530f 13927->13928 13929 41534e SetLastError 13927->13929 13938 416ccc 13928->13938 13929->13889 13932 415320 TlsSetValue 13933 415346 13932->13933 13934 415331 13932->13934 13935 4149dc ctype 7 API calls 13933->13935 13937 415337 GetCurrentThreadId 13934->13937 13936 41534d 13935->13936 13936->13929 13937->13929 13948 416d01 ctype 13938->13948 13939 415318 13939->13932 13939->13933 13940 416db9 HeapAlloc 13940->13948 13941 4154da ctype 29 API calls 13941->13948 13942 4154da ctype 29 API calls 13947 416d7b 13942->13947 13943 415bc1 ctype 5 API calls 13943->13948 13944 416664 ctype 6 API 
calls 13944->13947 13947->13940 13947->13942 13947->13944 13947->13948 13952 416dee 13947->13952 13948->13939 13948->13940 13948->13941 13948->13943 13948->13947 13949 416d65 13948->13949 13955 41553b LeaveCriticalSection 13949->13955 13951 416d6c 13951->13948 13956 41553b LeaveCriticalSection 13952->13956 13954 416df5 13954->13947 13955->13951 13956->13954 13957->13409 13959 417feb 13958->13959 13960 417ff2 13958->13960 13962 417c0a 13959->13962 13960->13456 13963 4154da ctype 29 API calls 13962->13963 13964 417c1a 13963->13964 13973 417db7 13964->13973 13968 417daf 13968->13960 13970 417c56 GetCPInfo 13972 417c6c 13970->13972 13971 417c31 13986 41553b LeaveCriticalSection 13971->13986 13972->13971 13978 417e5d GetCPInfo 13972->13978 13974 417dd7 13973->13974 13975 417dc7 GetOEMCP 13973->13975 13976 417c22 13974->13976 13977 417ddc GetACP 13974->13977 13975->13974 13976->13970 13976->13971 13976->13972 13977->13976 13979 417f48 13978->13979 13980 417e80 13978->13980 13979->13971 13981 41883c 6 API calls 13980->13981 13982 417efc 13981->13982 13983 4185ed 9 API calls 13982->13983 13984 417f20 13983->13984 13985 4185ed 9 API calls 13984->13985 13985->13979 13986->13968 13988 40102d 13987->13988 13988->13483 13990 4038e1 __EH_prolog 13989->13990 13991 403956 13990->13991 13993 401ded 30 API calls 13990->13993 13998 4010ac 13990->13998 13992 401e4e 30 API calls 13991->13992 13994 403965 13992->13994 13993->13990 13995 401daf 30 API calls 13994->13995 13996 403972 13995->13996 13997 403a63 ctype 29 API calls 13996->13997 13997->13998 13998->13495 14000 404615 __EH_prolog 13999->14000 14001 404636 GetModuleFileNameA 14000->14001 14002 404697 GetModuleFileNameW 14000->14002 14004 404656 14001->14004 14008 4010cf 14001->14008 14003 4046b8 14002->14003 14002->14008 14006 401d50 30 API calls 14003->14006 14003->14008 14004->14008 14239 403bdf 14004->14239 14006->14008 14017 40237b 14008->14017 14011 401daf 30 API calls 14012 404683 14011->14012 14013 403a63 ctype 29 API 
calls 14012->14013 14014 40468b 14013->14014 14015 403a63 ctype 29 API calls 14014->14015 14016 404693 14015->14016 14016->14008 14018 402385 __EH_prolog 14017->14018 14260 4025c7 14018->14260 14020 402394 14021 403a63 ctype 29 API calls 14020->14021 14022 4010d7 14021->14022 14023 402340 14022->14023 14024 40234a __EH_prolog 14023->14024 14025 4025c7 30 API calls 14024->14025 14026 402359 14025->14026 14027 403a63 ctype 29 API calls 14026->14027 14028 4010df 14027->14028 14028->13505 14274 40222b 14029->14274 14032 403b38 14035 403b41 14032->14035 14033 403a90 5 API calls ctype 14033->14035 14034 401108 14034->13511 14035->14033 14035->14034 14037 401b1b __EH_prolog 14036->14037 14287 405a0f 14037->14287 14040 401b4d 14040->13522 14041 401b49 ctype 14041->14040 14290 405a6c 14041->14290 14294 401f02 14041->14294 14044 40218d 30 API calls 14043->14044 14045 4014c3 14044->14045 14046 4052cf 14045->14046 14047 4052d9 __EH_prolog 14046->14047 14048 40536a 43 API calls 14047->14048 14049 4052e4 14048->14049 14050 4014d4 14049->14050 14051 40218d 30 API calls 14049->14051 14050->13554 14050->13555 14052 4052ff 14051->14052 14333 4050ee 14052->14333 14055 40530e 14057 403a63 ctype 29 API calls 14055->14057 14057->14050 14061 403a63 ctype 29 API calls 14061->14055 14063 407f98 __EH_prolog 14062->14063 14064 404349 ctype 34 API calls 14063->14064 14065 407fa7 14064->14065 14067 401d50 30 API calls 14065->14067 14071 401525 14065->14071 14476 40802f 14065->14476 14479 407d8d 14065->14479 14506 4080cf 14065->14506 14514 4020af 14065->14514 14067->14065 14071->13585 14071->13586 14073 40218d 30 API calls 14072->14073 14074 40154c 14073->14074 14074->13598 14076 402f08 __EH_prolog 14075->14076 14592 40335f 14076->14592 14079 401daf 30 API calls 14080 402f3c 14079->14080 14081 401daf 30 API calls 14080->14081 14082 402f4a 14081->14082 14083 403a3d 30 API calls 14082->14083 14084 402f54 14083->14084 14086 402f67 14084->14086 14630 4034cc 14084->14630 14087 403020 14086->14087 
14088 402f83 14086->14088 14644 4030fc 14087->14644 14600 412ff0 14088->14600 14091 402fab 14093 402fb1 14091->14093 14094 402fbe 14091->14094 14092 40301e 14095 401daf 30 API calls 14092->14095 14096 412fb0 ctype 2 API calls 14093->14096 14097 40218d 30 API calls 14094->14097 14098 403039 14095->14098 14099 402fb9 14096->14099 14100 402fd1 14097->14100 14098->14099 14102 401daf 30 API calls 14098->14102 14620 403473 14099->14620 14101 405ed1 33 API calls 14100->14101 14103 402fe0 14101->14103 14102->14099 14105 401daf 30 API calls 14103->14105 14107 402fed 14105->14107 14108 403a63 ctype 29 API calls 14107->14108 14109 402ff9 14108->14109 14606 403086 14109->14606 14111 40300a 14112 403a63 ctype 29 API calls 14111->14112 14113 403012 14112->14113 14114 412fb0 ctype 2 API calls 14113->14114 14114->14092 14116 404f7a __EH_prolog 14115->14116 14117 404f97 GetCurrentDirectoryA 14116->14117 14118 404fee GetCurrentDirectoryW 14116->14118 14120 403bdf 30 API calls 14117->14120 14119 401d50 30 API calls 14118->14119 14122 401611 14119->14122 14121 404fc0 14120->14121 14123 403bca 31 API calls 14121->14123 14130 404f2c 14122->14130 14124 404fce 14123->14124 14125 401daf 30 API calls 14124->14125 14126 404fda 14125->14126 14127 403a63 ctype 29 API calls 14126->14127 14128 404fe2 14127->14128 14129 403a63 ctype 29 API calls 14128->14129 14129->14122 14131 404f61 SetCurrentDirectoryW 14130->14131 14132 404f3b 14130->14132 14131->13647 14133 403b85 31 API calls 14132->14133 14134 404f46 SetCurrentDirectoryA 14133->14134 14135 403a63 ctype 29 API calls 14134->14135 14136 404f5b 14135->14136 14136->13647 14138 401803 14137->14138 14139 405bb8 14137->14139 14138->13693 14139->14138 14140 401ded 30 API calls 14139->14140 14140->14138 14142 401820 14141->14142 14143 401e9e 14141->14143 14142->13722 14143->14142 16158 4023b6 14143->16158 14159 40222b 30 API calls 14158->14159 14160 401132 14159->14160 14161 401daf 14160->14161 14162 40113b 14161->14162 14163 401dbb 14161->14163 

                                                                                                                                                                    Executed Functions

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                    			_entry_(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                    				CHAR* _v8;
                                                                                                                                                                    				intOrPtr* _v24;
                                                                                                                                                                    				intOrPtr _v28;
                                                                                                                                                                    				struct _STARTUPINFOA _v96;
                                                                                                                                                                    				intOrPtr _v100;
                                                                                                                                                                    				intOrPtr _v104;
                                                                                                                                                                    				intOrPtr _v108;
                                                                                                                                                                    				unsigned int _t15;
                                                                                                                                                                    				signed int _t27;
                                                                                                                                                                    				intOrPtr _t29;
                                                                                                                                                                    				signed int _t35;
                                                                                                                                                                    				intOrPtr _t52;
                                                                                                                                                                    
                                                                                                                                                                    				_t47 = __edi;
                                                                                                                                                                    				_push(0xffffffff);
                                                                                                                                                                    				_push(0x41b9e8);
                                                                                                                                                                    				_push(E004147FC);
                                                                                                                                                                    				_push( *[fs:0x0]);
                                                                                                                                                                    				 *[fs:0x0] = _t52;
                                                                                                                                                                    				_push(__edi);
                                                                                                                                                                    				_v28 = _t52 - 0x58;
                                                                                                                                                                    				_t15 = GetVersion();
                                                                                                                                                                    				 *0x4233f0 = 0;
                                                                                                                                                                    				_t35 = _t15 & 0x000000ff;
                                                                                                                                                                    				 *0x4233ec = _t35;
                                                                                                                                                                    				 *0x4233e8 = _t35 << 8;
                                                                                                                                                                    				 *0x4233e4 = _t15 >> 0x10;
                                                                                                                                                                    				if(E004157C8(_t35 << 8, 1) == 0) {
                                                                                                                                                                    					E00414A01(0x1c);
                                                                                                                                                                    				}
                                                                                                                                                                    				if(E0041528C() == 0) {
                                                                                                                                                                    					E00414A01(0x10);
                                                                                                                                                                    				}
                                                                                                                                                                    				_v8 = 0;
                                                                                                                                                                    				E00417411();
                                                                                                                                                                    				 *0x425a5c = GetCommandLineA();
                                                                                                                                                                    				 *0x423360 = E004172DF();
                                                                                                                                                                    				E00417092();
                                                                                                                                                                    				E00416FD9();
                                                                                                                                                                    				E00416A39();
                                                                                                                                                                    				_v96.dwFlags = 0;
                                                                                                                                                                    				GetStartupInfoA( &_v96);
                                                                                                                                                                    				_v104 = E00416F81();
                                                                                                                                                                    				_t56 = _v96.dwFlags & 0x00000001;
                                                                                                                                                                    				if((_v96.dwFlags & 0x00000001) == 0) {
                                                                                                                                                                    					_t27 = 0xa;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t27 = _v96.wShowWindow & 0x0000ffff;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t29 = E00401014(_t56, GetModuleHandleA(0), 0, _v104, _t27); // executed
                                                                                                                                                                    				_v100 = _t29;
                                                                                                                                                                    				E00416A66(_t29);
                                                                                                                                                                    				_v108 =  *((intOrPtr*)( *_v24));
                                                                                                                                                                    				return E00416E09(_t47, _t56,  *((intOrPtr*)( *_v24)), _v24);
                                                                                                                                                                    			}
















                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersion.KERNEL32 ref: 004148FA
                                                                                                                                                                      • Part of subcall function 004157C8: HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
                                                                                                                                                                      • Part of subcall function 004157C8: HeapDestroy.KERNEL32 ref: 00415818
                                                                                                                                                                    • GetCommandLineA.KERNEL32 ref: 0041495A
                                                                                                                                                                    • GetStartupInfoA.KERNEL32(?), ref: 00414985
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004149A8
                                                                                                                                                                      • Part of subcall function 00414A01: ExitProcess.KERNEL32 ref: 00414A1E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                                                                                                    • String ID: `&
                                                                                                                                                                    • API String ID: 2057626494-1405188806
                                                                                                                                                                    • Opcode ID: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
                                                                                                                                                                    • Instruction ID: fb65514f2d73941f5fb5fe300876562abb5c146ee9b99336205dd39c2cb12ef3
                                                                                                                                                                    • Opcode Fuzzy Hash: d0b0bc6d91067fd433c2cc4b1856fc531dfd5f25a3beb9f48f66dbad23e013fe
                                                                                                                                                                    • Instruction Fuzzy Hash: BD219EB19407159FDB14EFB6DC46AEE7BB8EF44704F10412FF910AB291DB3C89818A58
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00405434(void** __ecx, void* __eflags, WCHAR* _a4, intOrPtr _a8) {
                                                                                                                                                                    				char _v16;
                                                                                                                                                                    				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                                                    				struct _WIN32_FIND_DATAW _v608;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				void* _t14;
                                                                                                                                                                    				void** _t31;
                                                                                                                                                                    
                                                                                                                                                                    				_t31 = __ecx;
                                                                                                                                                                    				if(E00405414(__ecx) == 0) {
                                                                                                                                                                    					L5:
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				if( *0x423168 != 0) {
                                                                                                                                                                    					_t14 = FindFirstFileW(_a4,  &_v608); // executed
                                                                                                                                                                    					__eflags = _t14 - 0xffffffff;
                                                                                                                                                                    					 *_t31 = _t14;
                                                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                                                    						E004054BD( &_v608, _a8, __eflags);
                                                                                                                                                                    						L7:
                                                                                                                                                                    						return 1;
                                                                                                                                                                    					}
                                                                                                                                                                    					goto L5;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *_t31 = FindFirstFileA( *(E00403B85( &_v16, _a4)),  &_v336);
                                                                                                                                                                    				E00403A63(_v16);
                                                                                                                                                                    				_t35 =  *_t31 - 0xffffffff;
                                                                                                                                                                    				if( *_t31 == 0xffffffff) {
                                                                                                                                                                    					goto L5;
                                                                                                                                                                    				}
                                                                                                                                                                    				E0040551C( &_v336, _a8, _t35);
                                                                                                                                                                    				goto L7;
                                                                                                                                                                    			}










                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
                                                                                                                                                                    • FindFirstFileW.KERNELBASE(?,?,000000FF), ref: 00405497
                                                                                                                                                                      • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467
                                                                                                                                                                      • Part of subcall function 0040551C: __EH_prolog.LIBCMT ref: 00405521
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$FileFirstH_prolog$Close
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3335342080-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0041561A() {
                                                                                                                                                                    				_Unknown_base(*)()* _t1;
                                                                                                                                                                    
                                                                                                                                                                    				_t1 = SetUnhandledExceptionFilter(E004155D4); // executed
                                                                                                                                                                    				 *0x4233d0 = _t1;
                                                                                                                                                                    				return _t1;
                                                                                                                                                                    			}





                                                                                                                                                                    APIs
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_000155D4), ref: 0041561F
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    [Figure: control-flow graph starting at 401014; legend: Executed, Not Executed]
                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                    			E00401014(void* __eflags, intOrPtr _a4, signed int _a7) {
                                                                                                                                                                    				signed int _v5;
                                                                                                                                                                    				char _v20;
                                                                                                                                                                    				struct HWND__* _v24;
                                                                                                                                                                    				struct HWND__* _v28;
                                                                                                                                                                    				char _v32;
                                                                                                                                                                    				struct HWND__* _v36;
                                                                                                                                                                    				signed int _v40;
                                                                                                                                                                    				signed int _v44;
                                                                                                                                                                    				struct HWND__* _v48;
                                                                                                                                                                    				struct HWND__* _v52;
                                                                                                                                                                    				char _v56;
                                                                                                                                                                    				WCHAR* _v68;
                                                                                                                                                                    				struct HWND__* _v72;
                                                                                                                                                                    				struct HWND__* _v76;
                                                                                                                                                                    				char _v80;
                                                                                                                                                                    				struct HWND__* _v84;
                                                                                                                                                                    				struct HWND__* _v88;
                                                                                                                                                                    				char _v92;
                                                                                                                                                                    				struct HWND__* _v96;
                                                                                                                                                                    				struct HWND__* _v100;
                                                                                                                                                                    				char _v104;
                                                                                                                                                                    				struct HWND__* _v108;
                                                                                                                                                                    				struct HWND__* _v112;
                                                                                                                                                                    				char _v116;
                                                                                                                                                                    				char _v128;
                                                                                                                                                                    				char _v140;
                                                                                                                                                                    				char _v144;
                                                                                                                                                                    				struct HWND__* _v148;
                                                                                                                                                                    				struct HWND__* _v152;
                                                                                                                                                                    				char _v156;
                                                                                                                                                                    				intOrPtr _v164;
                                                                                                                                                                    				char _v176;
                                                                                                                                                                    				char _v188;
                                                                                                                                                                    				char _v200;
                                                                                                                                                                    				char _v204;
                                                                                                                                                                    				CHAR* _v216;
                                                                                                                                                                    				char _v228;
                                                                                                                                                                    				struct _PROCESS_INFORMATION _v244;
                                                                                                                                                                    				struct _STARTUPINFOA _v312;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				char _t285;
                                                                                                                                                                    				intOrPtr* _t299;
                                                                                                                                                                    				void* _t302;
                                                                                                                                                                    				void* _t307;
                                                                                                                                                                    				signed int _t311;
                                                                                                                                                                    				signed int _t313;
                                                                                                                                                                    				signed int _t320;
                                                                                                                                                                    				signed int _t324;
                                                                                                                                                                    				signed int _t345;
                                                                                                                                                                    				void* _t380;
                                                                                                                                                                    				signed int _t388;
                                                                                                                                                                    				signed int _t439;
                                                                                                                                                                    				signed int _t452;
                                                                                                                                                                    				int _t482;
                                                                                                                                                                    				void* _t639;
                                                                                                                                                                    				void* _t640;
                                                                                                                                                                    				void* _t655;
                                                                                                                                                                    				void* _t656;
                                                                                                                                                                    				intOrPtr _t657;
                                                                                                                                                                    				signed int _t660;
                                                                                                                                                                    				signed int _t661;
                                                                                                                                                                    				char** _t662;
                                                                                                                                                                    
                                                                                                                                                                    				 *0x423164 = _a4;
                                                                                                                                                                    				_t285 = E00401A7B();
                                                                                                                                                                    				_t655 = 3;
                                                                                                                                                                    				 *0x423168 = _t285;
                                                                                                                                                                    				_v156 = 0;
                                                                                                                                                                    				_v152 = 0;
                                                                                                                                                                    				_v148 = 0;
                                                                                                                                                                    				E0040218D( &_v156, _t655);
                                                                                                                                                                    				_v32 = 0;
                                                                                                                                                                    				_v28 = 0;
                                                                                                                                                                    				_v24 = 0;
                                                                                                                                                                    				E0040218D( &_v32, _t655);
                                                                                                                                                                    				_v80 = 0;
                                                                                                                                                                    				_v76 = 0;
                                                                                                                                                                    				_v72 = 0;
                                                                                                                                                                    				E0040218D( &_v80, _t655);
                                                                                                                                                                    				_v116 = 0;
                                                                                                                                                                    				_v112 = 0;
                                                                                                                                                                    				_v108 = 0;
                                                                                                                                                                    				E0040218D( &_v116, _t655);
                                                                                                                                                                    				E00401CB5( &_v68, GetCommandLineW());
                                                                                                                                                                    				_push( &_v32);
                                                                                                                                                                    				E004038D7( &_v68,  &_v156);
                                                                                                                                                                    				E00403A63(_v68);
                                                                                                                                                                    				_v104 = 0;
                                                                                                                                                                    				_v100 = 0;
                                                                                                                                                                    				_v96 = 0;
                                                                                                                                                                    				E0040218D( &_v104, _t655);
                                                                                                                                                                    				E0040460B( &_v104);
                                                                                                                                                                    				E0040237B( &_v32);
                                                                                                                                                                    				E00402340( &_v32,  &_v156);
                                                                                                                                                                    				_a7 = 0;
                                                                                                                                                                    				_t299 = E00401CB5( &_v68, L"-y");
                                                                                                                                                                    				E00401E6F( &_v32,  &_v20, 2);
                                                                                                                                                                    				_t630 =  *_t299;
                                                                                                                                                                    				_t302 = E00403B38( *_t299);
                                                                                                                                                                    				E00403A63(_v20);
                                                                                                                                                                    				E00403A63(_v68);
                                                                                                                                                                    				_t668 = _t302;
                                                                                                                                                                    				if(_t302 == 0) {
                                                                                                                                                                    					_a7 = 1;
                                                                                                                                                                    					E00401DAF( &_v32, E00401E4E( &_v32,  &_v20, 2));
                                                                                                                                                                    					E00403A63(_v20);
                                                                                                                                                                    					E0040237B( &_v32);
                                                                                                                                                                    					E00402340( &_v32, _t630);
                                                                                                                                                                    				}
                                                                                                                                                                    				_v92 = 0;
                                                                                                                                                                    				_v88 = 0;
                                                                                                                                                                    				_v84 = 0;
                                                                                                                                                                    				E0040245B( &_v92, _t655);
                                                                                                                                                                    				_push( &_v92);
                                                                                                                                                                    				_push(";!@InstallEnd@!");
                                                                                                                                                                    				_t307 = E00401B11(_v104, ";!@Install@!UTF-8!", _t668); // executed
                                                                                                                                                                    				if(_t307 != 0) {
                                                                                                                                                                    					E00401CB5( &_v200, L".\\");
                                                                                                                                                                    					_v56 = 0;
                                                                                                                                                                    					_v52 = 0;
                                                                                                                                                                    					_v48 = 0;
                                                                                                                                                                    					E0040218D( &_v56, _t655);
                                                                                                                                                                    					__eflags = _v88;
                                                                                                                                                                    					_v204 = 1;
                                                                                                                                                                    					if(_v88 == 0) {
                                                                                                                                                                    						L21:
                                                                                                                                                                    						_v144 = 0;
                                                                                                                                                                    						E00401C9D( &_v140);
                                                                                                                                                                    						_push( *0x420060);
                                                                                                                                                                    						_t311 = E004052CF( &_v144, __eflags); // executed
                                                                                                                                                                    						__eflags = _t311;
                                                                                                                                                                    						if(_t311 != 0) {
                                                                                                                                                                    							_push(0x1c);
                                                                                                                                                                    							_t660 = E00403A3D();
                                                                                                                                                                    							__eflags = _t660;
                                                                                                                                                                    							if(_t660 == 0) {
                                                                                                                                                                    								_t660 = 0;
                                                                                                                                                                    								__eflags = 0;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t139 = _t660 + 8; // 0x8
                                                                                                                                                                    								 *((intOrPtr*)(_t660 + 4)) = 0;
                                                                                                                                                                    								E00401F2A(_t139);
                                                                                                                                                                    								 *_t660 = 0x41b330;
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags = _t660;
                                                                                                                                                                    							if(_t660 != 0) {
                                                                                                                                                                    								 *((intOrPtr*)( *_t660 + 4))(_t660);
                                                                                                                                                                    							}
                                                                                                                                                                    							_t313 = E00407F8E(_t660);
                                                                                                                                                                    							__eflags = _t313;
                                                                                                                                                                    							if(_t313 == 0) {
                                                                                                                                                                    								E00401D16( &_v188,  &_v140);
                                                                                                                                                                    								_v5 = 0;
                                                                                                                                                                    								_v44 = 0;
                                                                                                                                                                    								_v40 = 0;
                                                                                                                                                                    								_v36 = 0;
                                                                                                                                                                    								E0040218D( &_v44, _t655);
                                                                                                                                                                    								_push( &_v44);
                                                                                                                                                                    								_push( &_v5);
                                                                                                                                                                    								_push(_v204);
                                                                                                                                                                    								_push( &_v188); // executed
                                                                                                                                                                    								_t320 = E00402EFE(_t660,  &_v104, __eflags); // executed
                                                                                                                                                                    								__eflags = _t320;
                                                                                                                                                                    								if(_t320 == 0) {
                                                                                                                                                                    									E00403A63(_v44);
                                                                                                                                                                    									E00401C9D( &_v128);
                                                                                                                                                                    									E00404F70( &_v128);
                                                                                                                                                                    									_t324 = E00404F2C(_v140); // executed
                                                                                                                                                                    									__eflags = _t324;
                                                                                                                                                                    									if(_t324 != 0) {
                                                                                                                                                                    										__eflags = _v76;
                                                                                                                                                                    										if(_v76 == 0) {
                                                                                                                                                                    											__eflags = _v52;
                                                                                                                                                                    											if(_v52 != 0) {
                                                                                                                                                                    												L59:
                                                                                                                                                                    												E00401D16( &_v68,  &_v188);
                                                                                                                                                                    												E00405BAD( &_v68);
                                                                                                                                                                    												E00401CB5( &_v20, L"%%T\\");
                                                                                                                                                                    												E00401E8B( &_v56,  &_v20,  &_v68);
                                                                                                                                                                    												E00403A63(_v20);
                                                                                                                                                                    												E00403A63(_v68);
                                                                                                                                                                    												E00401CB5( &_v20, L"%%T");
                                                                                                                                                                    												E00401E8B( &_v56,  &_v20,  &_v188);
                                                                                                                                                                    												E00403A63(_v20);
                                                                                                                                                                    												__eflags = _v28;
                                                                                                                                                                    												if(_v28 != 0) {
                                                                                                                                                                    													E00401DED( &_v56, 0x20);
                                                                                                                                                                    													E00401E18( &_v56,  &_v32);
                                                                                                                                                                    												}
                                                                                                                                                                    												_push( &_v56);
                                                                                                                                                                    												_v312.cb = 0x44;
                                                                                                                                                                    												_v312.lpReserved = 0;
                                                                                                                                                                    												_v312.lpDesktop.cbSize = 0;
                                                                                                                                                                    												_v312.lpTitle = 0;
                                                                                                                                                                    												_v312.dwFlags = 0;
                                                                                                                                                                    												_v312.cbReserved2 = 0;
                                                                                                                                                                    												_v312.lpReserved2 = 0;
                                                                                                                                                                    												E00402635( &_v228,  &_v200);
                                                                                                                                                                    												E00401A66();
                                                                                                                                                                    												E00403A63(_v228);
                                                                                                                                                                    												_t345 = CreateProcessA(0, _v216, 0, 0, 0, 0, 0, 0,  &_v312,  &_v244); // executed
                                                                                                                                                                    												__eflags = _t345;
                                                                                                                                                                    												if(_t345 != 0) {
                                                                                                                                                                    													CloseHandle(_v244.hThread);
                                                                                                                                                                    													_t656 = _v244.hProcess;
                                                                                                                                                                    													E00403A63(_v216);
                                                                                                                                                                    													L70:
                                                                                                                                                                    													__eflags = _t656;
                                                                                                                                                                    													if(_t656 != 0) {
                                                                                                                                                                    														WaitForSingleObject(_t656, 0xffffffff);
                                                                                                                                                                    														CloseHandle(_t656);
                                                                                                                                                                    													}
                                                                                                                                                                    													E00404F2C(_v128);
                                                                                                                                                                    													E00403A63(_v128);
                                                                                                                                                                    													E00403A63(_v188);
                                                                                                                                                                    													__eflags = _t660;
                                                                                                                                                                    													if(_t660 != 0) {
                                                                                                                                                                    														 *((intOrPtr*)( *_t660 + 8))(_t660);
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L74;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													__eflags = _a7;
                                                                                                                                                                    													if(_a7 == 0) {
                                                                                                                                                                    														__eflags = 0;
                                                                                                                                                                    														E00410EF6(0, 0);
                                                                                                                                                                    													}
                                                                                                                                                                    													E00403A63(_v216);
                                                                                                                                                                    													L65:
                                                                                                                                                                    													E00404F2C(_v128);
                                                                                                                                                                    													_push(_v128);
                                                                                                                                                                    													L66:
                                                                                                                                                                    													E00403A63();
                                                                                                                                                                    													E00403A63(_v188);
                                                                                                                                                                    													__eflags = _t660;
                                                                                                                                                                    													if(_t660 != 0) {
                                                                                                                                                                    														 *((intOrPtr*)( *_t660 + 8))(_t660);
                                                                                                                                                                    													}
                                                                                                                                                                    													E0040536A( &_v144);
                                                                                                                                                                    													E00403A63(_v140);
                                                                                                                                                                    													E00403A63(_v56);
                                                                                                                                                                    													E00403A63(_v200);
                                                                                                                                                                    													E00403A63(_v92);
                                                                                                                                                                    													E00403A63(_v104);
                                                                                                                                                                    													E00403A63(_v116);
                                                                                                                                                                    													E00403A63(_v80);
                                                                                                                                                                    													E00403A63(_v32);
                                                                                                                                                                    													E00403A63(_v156);
                                                                                                                                                                    													_t380 = 1;
                                                                                                                                                                    													return _t380;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    											E00401D50( &_v56, L"setup.exe");
                                                                                                                                                                    											_t388 = E004057AF(_v56, __eflags);
                                                                                                                                                                    											__eflags = _t388;
                                                                                                                                                                    											if(_t388 != 0) {
                                                                                                                                                                    												goto L59;
                                                                                                                                                                    											}
                                                                                                                                                                    											__eflags = _a7;
                                                                                                                                                                    											if(_a7 == 0) {
                                                                                                                                                                    												E00410EC0(0, L"Can not find setup.exe");
                                                                                                                                                                    											}
                                                                                                                                                                    											goto L65;
                                                                                                                                                                    										}
                                                                                                                                                                    										E00401A66();
                                                                                                                                                                    										__eflags = _v28;
                                                                                                                                                                    										_v312.lpDesktop.cbSize = 0x3c;
                                                                                                                                                                    										_v312.lpTitle = 0x140;
                                                                                                                                                                    										_v312.dwX = 0;
                                                                                                                                                                    										_v312.dwY = 0;
                                                                                                                                                                    										_v312.dwXSize = _v68;
                                                                                                                                                                    										if(_v28 != 0) {
                                                                                                                                                                    											E00401E18( &_v116,  &_v32);
                                                                                                                                                                    										}
                                                                                                                                                                    										E00401A66();
                                                                                                                                                                    										asm("sbb eax, eax");
                                                                                                                                                                    										_t657 = 1;
                                                                                                                                                                    										_v312.dwXCountChars = 0;
                                                                                                                                                                    										_v312.dwYCountChars = _t657;
                                                                                                                                                                    										_v312.hStdError = 0;
                                                                                                                                                                    										_v312.dwYSize =  ~_v40 & _v44;
                                                                                                                                                                    										ShellExecuteExA( &(_v312.lpDesktop));
                                                                                                                                                                    										__eflags = _v312.dwFillAttribute - 0x20;
                                                                                                                                                                    										if(_v312.dwFillAttribute > 0x20) {
                                                                                                                                                                    											_t656 = _v312.hStdError;
                                                                                                                                                                    											E00403A63(_v44);
                                                                                                                                                                    											E00403A63(_v68);
                                                                                                                                                                    											goto L70;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											__eflags = _a7;
                                                                                                                                                                    											if(_a7 == 0) {
                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                    												E00410EC0(0, L"Can not open file");
                                                                                                                                                                    											}
                                                                                                                                                                    											E00403A63(_v44);
                                                                                                                                                                    											E00403A63(_v68);
                                                                                                                                                                    											E00404F2C(_v128);
                                                                                                                                                                    											E00403A63(_v128);
                                                                                                                                                                    											E00403A63(_v188);
                                                                                                                                                                    											__eflags = _t660;
                                                                                                                                                                    											if(_t660 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t660 + 8))(_t660);
                                                                                                                                                                    											}
                                                                                                                                                                    											E0040536A( &_v144);
                                                                                                                                                                    											E00403A63(_v140);
                                                                                                                                                                    											E00403A63(_v56);
                                                                                                                                                                    											E00403A63(_v200);
                                                                                                                                                                    											E00403A63(_v92);
                                                                                                                                                                    											E00403A63(_v104);
                                                                                                                                                                    											E00403A63(_v116);
                                                                                                                                                                    											E00403A63(_v80);
                                                                                                                                                                    											E00403A63(_v32);
                                                                                                                                                                    											E00403A63(_v156);
                                                                                                                                                                    											return _t657;
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    									E00404F2C(_v128);
                                                                                                                                                                    									E00403A63(_v128);
                                                                                                                                                                    									E00403A63(_v188);
                                                                                                                                                                    									goto L43;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags = _a7;
                                                                                                                                                                    								if(_a7 != 0) {
                                                                                                                                                                    									L40:
                                                                                                                                                                    									_push(_v44);
                                                                                                                                                                    									goto L66;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags = _t320 - 1;
                                                                                                                                                                    								if(_t320 == 1) {
                                                                                                                                                                    									L36:
                                                                                                                                                                    									_t639 = 8;
                                                                                                                                                                    									E00401DAF( &_v44, E00405ED1(_t639));
                                                                                                                                                                    									E00403A63(_v228);
                                                                                                                                                                    									_t320 = 0x80004005;
                                                                                                                                                                    									L37:
                                                                                                                                                                    									__eflags = _t320 - 0x80004004;
                                                                                                                                                                    									if(_t320 != 0x80004004) {
                                                                                                                                                                    										__eflags = _v40;
                                                                                                                                                                    										if(_v40 != 0) {
                                                                                                                                                                    											_t640 = 7;
                                                                                                                                                                    											MessageBoxW(0, _v44,  *(E00405ED1(_t640)), 0x10);
                                                                                                                                                                    											E00403A63(_v228);
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L40;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags = _v5;
                                                                                                                                                                    								if(_v5 == 0) {
                                                                                                                                                                    									goto L37;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L36;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								E00410EC0(0, L"Can not load codecs");
                                                                                                                                                                    								L43:
                                                                                                                                                                    								__eflags = _t660;
                                                                                                                                                                    								if(_t660 != 0) {
                                                                                                                                                                    									 *((intOrPtr*)( *_t660 + 8))(_t660);
                                                                                                                                                                    								}
                                                                                                                                                                    								L24:
                                                                                                                                                                    								_push(1);
                                                                                                                                                                    								_pop(0);
                                                                                                                                                                    								L74:
                                                                                                                                                                    								E0040536A( &_v144);
                                                                                                                                                                    								E00403A63(_v140);
                                                                                                                                                                    								E00403A63(_v56);
                                                                                                                                                                    								E00403A63(_v200);
                                                                                                                                                                    								_t662 =  &(_t662[3]);
                                                                                                                                                                    								goto L75;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags = _a7;
                                                                                                                                                                    						if(_a7 == 0) {
                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                    							E00410EC0(0, L"Can not create temp folder archive");
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L24;
                                                                                                                                                                    					}
                                                                                                                                                                    					E00402172( &_v176);
                                                                                                                                                                    					_v176 = 0x41b33c;
                                                                                                                                                                    					_t439 = E00403DE4( &_v92,  &_v176);
                                                                                                                                                                    					__eflags = _t439;
                                                                                                                                                                    					if(_t439 != 0) {
                                                                                                                                                                    						E00401CB5( &_v20, L"Title");
                                                                                                                                                                    						E004040FD( &_v68,  &_v176,  &_v20);
                                                                                                                                                                    						E00403A63(_v20);
                                                                                                                                                                    						 *_t662 = L"BeginPrompt";
                                                                                                                                                                    						E00401CB5( &_v20);
                                                                                                                                                                    						E004040FD( &_v44,  &_v176,  &_v20);
                                                                                                                                                                    						E00403A63(_v20);
                                                                                                                                                                    						 *_t662 = L"Progress";
                                                                                                                                                                    						E00401CB5( &_v20);
                                                                                                                                                                    						E004040FD( &_v216,  &_v176,  &_v20);
                                                                                                                                                                    						E00403A63(_v20);
                                                                                                                                                                    						_t452 = E00403B38(L"no");
                                                                                                                                                                    						__eflags = _t452;
                                                                                                                                                                    						if(_t452 == 0) {
                                                                                                                                                                    							_v204 = 0;
                                                                                                                                                                    						}
                                                                                                                                                                    						E00401CB5( &_v20, L"Directory");
                                                                                                                                                                    						_t661 = E004040CB( &_v176,  &_v20);
                                                                                                                                                                    						E00403A63(_v20);
                                                                                                                                                                    						__eflags = _t661;
                                                                                                                                                                    						if(_t661 >= 0) {
                                                                                                                                                                    							__eflags =  *((intOrPtr*)(_v164 + _t661 * 4)) + 0xc;
                                                                                                                                                                    							E00401DAF( &_v200,  *((intOrPtr*)(_v164 + _t661 * 4)) + 0xc);
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags = _v40;
                                                                                                                                                                    						if(_v40 == 0) {
                                                                                                                                                                    							L20:
                                                                                                                                                                    							E00401CB5( &_v20, L"RunProgram");
                                                                                                                                                                    							E00401DAF( &_v56, E004040FD( &(_v244.hThread),  &_v176,  &_v20));
                                                                                                                                                                    							E00403A63(_v244.hThread);
                                                                                                                                                                    							E00403A63(_v20);
                                                                                                                                                                    							E00401CB5( &_v20, L"ExecuteFile");
                                                                                                                                                                    							E00401DAF( &_v80, E004040FD( &(_v244.hThread),  &_v176,  &_v20));
                                                                                                                                                                    							E00403A63(_v244.hThread);
                                                                                                                                                                    							E00403A63(_v20);
                                                                                                                                                                    							E00401CB5( &_v20, L"ExecuteParameters");
                                                                                                                                                                    							_push( &_v32);
                                                                                                                                                                    							E00401DAF( &_v116, E00402635( &(_v244.hThread), E004040FD( &_v228,  &_v176,  &_v20)));
                                                                                                                                                                    							E00403A63(_v244.hThread);
                                                                                                                                                                    							E00403A63(_v228);
                                                                                                                                                                    							E00403A63(_v20);
                                                                                                                                                                    							E00403A63(_v216);
                                                                                                                                                                    							E00403A63(_v44);
                                                                                                                                                                    							E00403A63(_v68);
                                                                                                                                                                    							_t662 =  &(_t662[6]);
                                                                                                                                                                    							_v176 = 0x41b33c;
                                                                                                                                                                    							E00404349();
                                                                                                                                                                    							E00404320( &_v176);
                                                                                                                                                                    							goto L21;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							__eflags = _a7;
                                                                                                                                                                    							if(_a7 != 0) {
                                                                                                                                                                    								goto L20;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t482 = MessageBoxW(0, _v44, _v68, 0x24);
                                                                                                                                                                    							__eflags = _t482 - 6;
                                                                                                                                                                    							if(_t482 == 6) {
                                                                                                                                                                    								goto L20;
                                                                                                                                                                    							}
                                                                                                                                                                    							E00403A63(_v216);
                                                                                                                                                                    							E00403A63(_v44);
                                                                                                                                                                    							E00403A63(_v68);
                                                                                                                                                                    							_t662 =  &(_t662[3]);
                                                                                                                                                                    							L19:
                                                                                                                                                                    							_v176 = 0x41b33c;
                                                                                                                                                                    							E00404349();
                                                                                                                                                                    							E00404320( &_v176);
                                                                                                                                                                    							E00403A63(_v56);
                                                                                                                                                                    							E00403A63(_v200);
                                                                                                                                                                    							E00403A63(_v92);
                                                                                                                                                                    							E00403A63(_v104);
                                                                                                                                                                    							E00403A63(_v116);
                                                                                                                                                                    							E00403A63(_v80);
                                                                                                                                                                    							E00403A63(_v32);
                                                                                                                                                                    							E00403A63(_v156);
                                                                                                                                                                    							goto L76;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					__eflags = _a7;
                                                                                                                                                                    					if(_a7 == 0) {
                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                    						E00410EC0(0, L"Config failed");
                                                                                                                                                                    					}
                                                                                                                                                                    					_push(1);
                                                                                                                                                                    					_pop(0);
                                                                                                                                                                    					goto L19;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					if(_a7 == 0) {
                                                                                                                                                                    						E00410EC0(0, L"Can\'t load config info");
                                                                                                                                                                    					}
                                                                                                                                                                    					_push(1);
                                                                                                                                                                    					_pop(0);
                                                                                                                                                                    					L75:
                                                                                                                                                                    					E00403A63(_v92);
                                                                                                                                                                    					E00403A63(_v104);
                                                                                                                                                                    					E00403A63(_v116);
                                                                                                                                                                    					E00403A63(_v80);
                                                                                                                                                                    					E00403A63(_v32);
                                                                                                                                                                    					E00403A63(_v156);
                                                                                                                                                                    					L76:
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    			}

                                                                                                                                                                    0x00401553
                                                                                                                                                                    0x00401556
                                                                                                                                                                    0x00401559
                                                                                                                                                                    0x0040155c
                                                                                                                                                                    0x00401567
                                                                                                                                                                    0x0040156b
                                                                                                                                                                    0x00401572
                                                                                                                                                                    0x0040157a
                                                                                                                                                                    0x0040157b
                                                                                                                                                                    0x00401580
                                                                                                                                                                    0x00401582
                                                                                                                                                                    0x004015fb
                                                                                                                                                                    0x00401604
                                                                                                                                                                    0x0040160c
                                                                                                                                                                    0x00401617
                                                                                                                                                                    0x0040161c
                                                                                                                                                                    0x0040161e
                                                                                                                                                                    0x00401650
                                                                                                                                                                    0x00401653
                                                                                                                                                                    0x004017b4
                                                                                                                                                                    0x004017b7
                                                                                                                                                                    0x004017ec
                                                                                                                                                                    0x004017f6
                                                                                                                                                                    0x004017fe
                                                                                                                                                                    0x0040180b
                                                                                                                                                                    0x0040181b
                                                                                                                                                                    0x00401823
                                                                                                                                                                    0x0040182b
                                                                                                                                                                    0x0040183a
                                                                                                                                                                    0x0040184d
                                                                                                                                                                    0x00401855
                                                                                                                                                                    0x0040185a
                                                                                                                                                                    0x0040185e
                                                                                                                                                                    0x00401865
                                                                                                                                                                    0x00401871
                                                                                                                                                                    0x00401871
                                                                                                                                                                    0x0040187f
                                                                                                                                                                    0x00401886
                                                                                                                                                                    0x00401890
                                                                                                                                                                    0x00401896
                                                                                                                                                                    0x0040189c
                                                                                                                                                                    0x004018a2
                                                                                                                                                                    0x004018a8
                                                                                                                                                                    0x004018af
                                                                                                                                                                    0x004018b5
                                                                                                                                                                    0x004018c2
                                                                                                                                                                    0x004018cd
                                                                                                                                                                    0x004018ee
                                                                                                                                                                    0x004018f4
                                                                                                                                                                    0x004018f6
                                                                                                                                                                    0x004019a8
                                                                                                                                                                    0x004019b4
                                                                                                                                                                    0x004019ba
                                                                                                                                                                    0x004019bf
                                                                                                                                                                    0x004019bf
                                                                                                                                                                    0x004019c2
                                                                                                                                                                    0x004019c7
                                                                                                                                                                    0x004019ce
                                                                                                                                                                    0x004019ce
                                                                                                                                                                    0x004019d7
                                                                                                                                                                    0x004019df
                                                                                                                                                                    0x004019ea
                                                                                                                                                                    0x004019f0
                                                                                                                                                                    0x004019f3
                                                                                                                                                                    0x004019f8
                                                                                                                                                                    0x004019f8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004018fc
                                                                                                                                                                    0x004018fc
                                                                                                                                                                    0x004018ff
                                                                                                                                                                    0x00401901
                                                                                                                                                                    0x00401903
                                                                                                                                                                    0x00401903
                                                                                                                                                                    0x0040190e
                                                                                                                                                                    0x00401914
                                                                                                                                                                    0x00401917
                                                                                                                                                                    0x0040191c
                                                                                                                                                                    0x0040191f
                                                                                                                                                                    0x0040191f
                                                                                                                                                                    0x0040192a
                                                                                                                                                                    0x00401930
                                                                                                                                                                    0x00401933
                                                                                                                                                                    0x00401938
                                                                                                                                                                    0x00401938
                                                                                                                                                                    0x00401941
                                                                                                                                                                    0x0040194c
                                                                                                                                                                    0x00401954
                                                                                                                                                                    0x0040195f
                                                                                                                                                                    0x00401967
                                                                                                                                                                    0x0040196f
                                                                                                                                                                    0x00401977
                                                                                                                                                                    0x0040197f
                                                                                                                                                                    0x00401987
                                                                                                                                                                    0x00401992
                                                                                                                                                                    0x0040199c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040199c
                                                                                                                                                                    0x004018f6
                                                                                                                                                                    0x004017c1
                                                                                                                                                                    0x004017c9
                                                                                                                                                                    0x004017ce
                                                                                                                                                                    0x004017d0
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004017d2
                                                                                                                                                                    0x004017d5
                                                                                                                                                                    0x004017e2
                                                                                                                                                                    0x004017e2
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004017d5
                                                                                                                                                                    0x0040165f
                                                                                                                                                                    0x00401667
                                                                                                                                                                    0x0040166a
                                                                                                                                                                    0x00401674
                                                                                                                                                                    0x0040167e
                                                                                                                                                                    0x00401684
                                                                                                                                                                    0x0040168a
                                                                                                                                                                    0x00401690
                                                                                                                                                                    0x00401699
                                                                                                                                                                    0x00401699
                                                                                                                                                                    0x004016a4
                                                                                                                                                                    0x004016b0
                                                                                                                                                                    0x004016b2
                                                                                                                                                                    0x004016b6
                                                                                                                                                                    0x004016bc
                                                                                                                                                                    0x004016c2
                                                                                                                                                                    0x004016c8
                                                                                                                                                                    0x004016d5
                                                                                                                                                                    0x004016db
                                                                                                                                                                    0x004016e2
                                                                                                                                                                    0x0040179b
                                                                                                                                                                    0x004017a1
                                                                                                                                                                    0x004017a9
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004016e8
                                                                                                                                                                    0x004016e8
                                                                                                                                                                    0x004016eb
                                                                                                                                                                    0x004016f2
                                                                                                                                                                    0x004016f4
                                                                                                                                                                    0x004016f4
                                                                                                                                                                    0x004016fc
                                                                                                                                                                    0x00401704
                                                                                                                                                                    0x0040170e
                                                                                                                                                                    0x00401716
                                                                                                                                                                    0x00401721
                                                                                                                                                                    0x00401727
                                                                                                                                                                    0x0040172a
                                                                                                                                                                    0x0040172f
                                                                                                                                                                    0x0040172f
                                                                                                                                                                    0x00401738
                                                                                                                                                                    0x00401743
                                                                                                                                                                    0x0040174b
                                                                                                                                                                    0x00401756
                                                                                                                                                                    0x0040175e
                                                                                                                                                                    0x00401766
                                                                                                                                                                    0x0040176e
                                                                                                                                                                    0x00401776
                                                                                                                                                                    0x0040177e
                                                                                                                                                                    0x00401789

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00401A7B: GetVersionExA.KERNEL32(?), ref: 00401A95
                                                                                                                                                                    • GetCommandLineW.KERNEL32(00000003,00000003,00000003,00000003,?,00000000), ref: 0040108B
                                                                                                                                                                      • Part of subcall function 004038D7: __EH_prolog.LIBCMT ref: 004038DC
                                                                                                                                                                      • Part of subcall function 0040460B: __EH_prolog.LIBCMT ref: 00404610
                                                                                                                                                                      • Part of subcall function 0040460B: GetModuleFileNameA.KERNEL32(00400000,?,00000105,00000000,00000000), ref: 00404649
                                                                                                                                                                      • Part of subcall function 0040237B: __EH_prolog.LIBCMT ref: 00402380
                                                                                                                                                                      • Part of subcall function 00402340: __EH_prolog.LIBCMT ref: 00402345
                                                                                                                                                                      • Part of subcall function 00403DE4: __EH_prolog.LIBCMT ref: 00403DE9
                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00000010), ref: 004015DE
                                                                                                                                                                    • ShellExecuteExA.SHELL32(0000003C,?,00000001,?,?,00000003,?,00000003,00420240,;!@InstallEnd@!,?,00000003,00000000,00000002,00420278,00000003), ref: 004016D5
                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00000024), ref: 004012FF
                                                                                                                                                                      • Part of subcall function 00410EC0: MessageBoxW.USER32(00000000,?,7-Zip,00000010), ref: 00410EC9
                                                                                                                                                                      • Part of subcall function 00402EFE: __EH_prolog.LIBCMT ref: 00402F03
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000), ref: 004019A8
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 004019C7
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000), ref: 004019CE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog$Message$CloseHandle$CommandExecuteFileLineModuleNameObjectShellSingleVersionWait
                                                                                                                                                                    • String ID: $%%T$%%T\$;!@Install@!UTF-8!$;!@InstallEnd@!$<$Can not create temp folder archive$Can not find setup.exe$Can not load codecs$Can not open file$Can't load config info$Config failed$D$Directory$ExecuteFile$ExecuteParameters$RunProgram$Title$setup.exe
                                                                                                                                                                    • API String ID: 785510900-2114487665
                                                                                                                                                                    • Opcode ID: b600714a671df9a3d5fc716cc4c9e3c9a4f8f064de660c7cce450a41e6d9557d
                                                                                                                                                                    • Instruction ID: f92d1a5b025e5f1856d93d01be2b226abe75c3e6546c85d9ed47549f0c040395
                                                                                                                                                                    • Opcode Fuzzy Hash: b600714a671df9a3d5fc716cc4c9e3c9a4f8f064de660c7cce450a41e6d9557d
                                                                                                                                                                    • Instruction Fuzzy Hash: 485228719002199ACF25EFA5DC82AEDBB75AF04308F1040BFE156721F2DA395B86CF58
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                    			E0040AB05(char* __ecx, void* __eflags) {
                                                                                                                                                                    				signed int _t373;
                                                                                                                                                                    				signed int _t382;
                                                                                                                                                                    				intOrPtr* _t417;
                                                                                                                                                                    				signed int _t419;
                                                                                                                                                                    				signed int _t423;
                                                                                                                                                                    				signed int _t429;
                                                                                                                                                                    				signed int _t430;
                                                                                                                                                                    				intOrPtr* _t440;
                                                                                                                                                                    				intOrPtr* _t441;
                                                                                                                                                                    				signed int _t453;
                                                                                                                                                                    				signed int _t462;
                                                                                                                                                                    				signed int _t463;
                                                                                                                                                                    				signed int _t464;
                                                                                                                                                                    				signed int _t471;
                                                                                                                                                                    				signed int _t482;
                                                                                                                                                                    				signed int _t483;
                                                                                                                                                                    				signed int _t484;
                                                                                                                                                                    				signed int _t490;
                                                                                                                                                                    				signed int _t504;
                                                                                                                                                                    				signed int _t505;
                                                                                                                                                                    				intOrPtr _t507;
                                                                                                                                                                    				signed int _t508;
                                                                                                                                                                    				signed char _t510;
                                                                                                                                                                    				char _t512;
                                                                                                                                                                    				intOrPtr* _t513;
                                                                                                                                                                    				signed int _t518;
                                                                                                                                                                    				signed int _t523;
                                                                                                                                                                    				signed int _t535;
                                                                                                                                                                    				signed int _t537;
                                                                                                                                                                    				signed int _t538;
                                                                                                                                                                    				signed int _t539;
                                                                                                                                                                    				intOrPtr* _t540;
                                                                                                                                                                    				signed int _t580;
                                                                                                                                                                    				signed int _t581;
                                                                                                                                                                    				intOrPtr _t589;
                                                                                                                                                                    				signed int _t595;
                                                                                                                                                                    				signed int _t626;
                                                                                                                                                                    				signed int _t652;
                                                                                                                                                                    				signed int _t653;
                                                                                                                                                                    				char* _t658;
                                                                                                                                                                    				signed int _t660;
                                                                                                                                                                    				signed int _t661;
                                                                                                                                                                    				intOrPtr* _t662;
                                                                                                                                                                    				signed int _t664;
                                                                                                                                                                    				signed int* _t667;
                                                                                                                                                                    				signed int _t668;
                                                                                                                                                                    				signed int _t669;
                                                                                                                                                                    				signed int _t670;
                                                                                                                                                                    				intOrPtr _t671;
                                                                                                                                                                    				signed int _t672;
                                                                                                                                                                    				signed int _t673;
                                                                                                                                                                    				signed int _t674;
                                                                                                                                                                    				intOrPtr _t675;
                                                                                                                                                                    				intOrPtr* _t676;
                                                                                                                                                                    				signed int _t677;
                                                                                                                                                                    				void* _t678;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419F1A, _t678);
                                                                                                                                                                    				_t664 =  *(_t678 + 0x18);
                                                                                                                                                                    				_t658 = __ecx;
                                                                                                                                                                    				 *((intOrPtr*)(_t678 - 0x30)) = __ecx;
                                                                                                                                                                    				if(E0040D5A3(_t664) == 0) {
                                                                                                                                                                    					L81:
                                                                                                                                                                    					_t373 = 0x80004001;
                                                                                                                                                                    					L114:
                                                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t678 - 0xc));
                                                                                                                                                                    					return _t373;
                                                                                                                                                                    				}
                                                                                                                                                                    				E00402172(_t678 - 0x2c);
                                                                                                                                                                    				 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
                                                                                                                                                                    				 *(_t678 - 4) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t678 - 0x50)) = 0;
                                                                                                                                                                    				E004130E0(_t678 - 0x4c);
                                                                                                                                                                    				 *(_t678 - 4) = 1;
                                                                                                                                                                    				E004062E7(_t678 - 0x50,  *(_t678 + 8));
                                                                                                                                                                    				 *(_t678 + 8) = 0;
                                                                                                                                                                    				if( *((intOrPtr*)(_t664 + 0x30)) <= 0) {
                                                                                                                                                                    					L19:
                                                                                                                                                                    					_t535 =  *( *(_t678 + 0x18) + 8);
                                                                                                                                                                    					 *(_t678 - 0x18) = _t535;
                                                                                                                                                                    					E0040AAB0(_t678 - 0xf8);
                                                                                                                                                                    					 *(_t678 - 4) = 4;
                                                                                                                                                                    					E0040B761(_t678 - 0xa8);
                                                                                                                                                                    					 *(_t678 - 4) = 5;
                                                                                                                                                                    					E0040B402( *(_t678 + 0x18), _t678 - 0xf8);
                                                                                                                                                                    					if( *_t658 == 0) {
                                                                                                                                                                    						L21:
                                                                                                                                                                    						E00404349();
                                                                                                                                                                    						_t382 =  *(_t658 + 0x74);
                                                                                                                                                                    						_t667 = _t658 + 0x74;
                                                                                                                                                                    						if(_t382 != 0) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t382 + 8))(_t382);
                                                                                                                                                                    							 *_t667 =  *_t667 & 0x00000000;
                                                                                                                                                                    						}
                                                                                                                                                                    						if( *((char*)(_t658 + 0x68)) != 0) {
                                                                                                                                                                    							_push(0x88);
                                                                                                                                                                    							_t504 = E00403A3D();
                                                                                                                                                                    							 *(_t678 + 8) = _t504;
                                                                                                                                                                    							 *(_t678 - 4) = 6;
                                                                                                                                                                    							if(_t504 == 0) {
                                                                                                                                                                    								_t505 = 0;
                                                                                                                                                                    								__eflags = 0;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t505 = E0040B626(_t504);
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t678 - 4) = 5;
                                                                                                                                                                    							 *((intOrPtr*)(_t658 + 0x6c)) = _t505;
                                                                                                                                                                    							E004062E7(_t667, _t505);
                                                                                                                                                                    							_t507 =  *((intOrPtr*)(_t658 + 0x6c));
                                                                                                                                                                    							if(_t507 == 0) {
                                                                                                                                                                    								_t508 = 0;
                                                                                                                                                                    								__eflags = 0;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t508 = _t507 + 4;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *((intOrPtr*)(_t658 + 0x70)) = _t508;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t668 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t658 + 0x70))))))(_t678 - 0xf8);
                                                                                                                                                                    						_t700 = _t668;
                                                                                                                                                                    						if(_t668 == 0) {
                                                                                                                                                                    							 *(_t678 - 0x10) =  *(_t678 - 0x10) & 0x00000000;
                                                                                                                                                                    							__eflags = _t535;
                                                                                                                                                                    							if(__eflags <= 0) {
                                                                                                                                                                    								L50:
                                                                                                                                                                    								E0040B735(_t658 + 4, __eflags, _t678 - 0xf8);
                                                                                                                                                                    								 *_t658 = 1;
                                                                                                                                                                    								L51:
                                                                                                                                                                    								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t658 + 0x70)))) + 4))();
                                                                                                                                                                    								_t669 = 0;
                                                                                                                                                                    								__eflags =  *(_t678 - 0x18);
                                                                                                                                                                    								 *((intOrPtr*)(_t678 - 0x34)) = 0;
                                                                                                                                                                    								 *(_t678 + 0x10) = 0;
                                                                                                                                                                    								 *(_t678 - 0x14) = 0;
                                                                                                                                                                    								if( *(_t678 - 0x18) <= 0) {
                                                                                                                                                                    									L105:
                                                                                                                                                                    									E0040A1FC(_t678 - 0xf8,  *((intOrPtr*)( *((intOrPtr*)(_t678 - 0xb0)))), _t678 - 0x58, _t678 - 0xfc);
                                                                                                                                                                    									__eflags =  *((char*)(_t658 + 0x68));
                                                                                                                                                                    									if( *((char*)(_t658 + 0x68)) != 0) {
                                                                                                                                                                    										 *((intOrPtr*)( *((intOrPtr*)(_t658 + 0x6c)) + 0x70)) =  *((intOrPtr*)(_t678 - 0x58));
                                                                                                                                                                    									}
                                                                                                                                                                    									__eflags =  *(_t678 - 0x18) - _t669;
                                                                                                                                                                    									if( *(_t678 - 0x18) != _t669) {
                                                                                                                                                                    										E00403291(_t678 - 0x94, 4);
                                                                                                                                                                    										 *((intOrPtr*)(_t678 - 0x94)) = 0x41b6c0;
                                                                                                                                                                    										 *(_t678 - 4) = 0x1d;
                                                                                                                                                                    										E0040439A(_t678 - 0x94,  *(_t678 - 0x24));
                                                                                                                                                                    										_t670 = 0;
                                                                                                                                                                    										__eflags =  *(_t678 - 0x24);
                                                                                                                                                                    										if( *(_t678 - 0x24) <= 0) {
                                                                                                                                                                    											L112:
                                                                                                                                                                    											_t660 =  *(_t658 + 0x74);
                                                                                                                                                                    											 *((intOrPtr*)(_t678 - 0x54)) =  *((intOrPtr*)(_t678 + 0x1c));
                                                                                                                                                                    											_t668 =  *((intOrPtr*)( *_t660 + 0xc))(_t660,  *((intOrPtr*)(_t678 - 0x88)), 0,  *(_t678 - 0x24), _t678 - 0x54, 0, 1,  *((intOrPtr*)(_t678 + 0x20)));
                                                                                                                                                                    											 *(_t678 - 4) = 5;
                                                                                                                                                                    											E00404320(_t678 - 0x94);
                                                                                                                                                                    											 *(_t678 - 4) = 0x1e;
                                                                                                                                                                    											E00404320(_t678 - 0xa8);
                                                                                                                                                                    											 *(_t678 - 4) = 1;
                                                                                                                                                                    											E00409739(_t678 - 0xf8, __eflags);
                                                                                                                                                                    											 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
                                                                                                                                                                    											E0040B60B(_t678 - 0x50);
                                                                                                                                                                    											_t366 = _t678 - 4;
                                                                                                                                                                    											 *_t366 =  *(_t678 - 4) | 0xffffffff;
                                                                                                                                                                    											__eflags =  *_t366;
                                                                                                                                                                    											E0040A3A6(_t678 - 0x2c);
                                                                                                                                                                    											goto L113;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											goto L111;
                                                                                                                                                                    										}
                                                                                                                                                                    										do {
                                                                                                                                                                    											L111:
                                                                                                                                                                    											E0040A528(_t678 - 0x94,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t678 - 0x20)) + _t670 * 4)))));
                                                                                                                                                                    											_t670 = _t670 + 1;
                                                                                                                                                                    											__eflags = _t670 -  *(_t678 - 0x24);
                                                                                                                                                                    										} while (_t670 <  *(_t678 - 0x24));
                                                                                                                                                                    										goto L112;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										 *(_t678 - 4) = 0x1b;
                                                                                                                                                                    										E00404320(_t678 - 0xa8);
                                                                                                                                                                    										 *(_t678 - 4) = 1;
                                                                                                                                                                    										E00409739(_t678 - 0xf8, __eflags);
                                                                                                                                                                    										 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
                                                                                                                                                                    										DeleteCriticalSection(_t678 - 0x4c);
                                                                                                                                                                    										E0040A594(_t678 - 0x50);
                                                                                                                                                                    										 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
                                                                                                                                                                    										 *(_t678 - 4) = 0x1c;
                                                                                                                                                                    										_t668 = 0;
                                                                                                                                                                    										__eflags = 0;
                                                                                                                                                                    										goto L109;
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    								_t661 =  *(_t678 + 0x18);
                                                                                                                                                                    								 *(_t678 + 8) = 0;
                                                                                                                                                                    								do {
                                                                                                                                                                    									 *(_t678 + 0x18) =  *(_t678 + 0x18) & 0x00000000;
                                                                                                                                                                    									_t671 =  *((intOrPtr*)( *((intOrPtr*)(_t661 + 0xc)) +  *(_t678 - 0x14) * 4));
                                                                                                                                                                    									_t417 =  *((intOrPtr*)( *((intOrPtr*)( *(_t678 + 8) +  *((intOrPtr*)( *((intOrPtr*)(_t678 - 0x30)) + 0x84))))));
                                                                                                                                                                    									 *(_t678 - 4) = 0x12;
                                                                                                                                                                    									 *((intOrPtr*)( *_t417))(_t417, 0x41b2a0, _t678 + 0x18);
                                                                                                                                                                    									_t419 =  *(_t678 + 0x18);
                                                                                                                                                                    									__eflags = _t419;
                                                                                                                                                                    									if(_t419 == 0) {
                                                                                                                                                                    										L57:
                                                                                                                                                                    										__eflags = _t419;
                                                                                                                                                                    										 *(_t678 - 4) = 5;
                                                                                                                                                                    										if(_t419 != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t419 + 8))(_t419);
                                                                                                                                                                    										}
                                                                                                                                                                    										_t537 =  *(_t671 + 0x14);
                                                                                                                                                                    										 *(_t678 + 8) =  *(_t678 + 8) + 4;
                                                                                                                                                                    										_t672 =  *(_t671 + 0x18);
                                                                                                                                                                    										E00403291(_t678 - 0x6c, 4);
                                                                                                                                                                    										 *((intOrPtr*)(_t678 - 0x6c)) = 0x41b694;
                                                                                                                                                                    										 *(_t678 - 4) = 0x17;
                                                                                                                                                                    										E00403291(_t678 - 0x80, 4);
                                                                                                                                                                    										 *((intOrPtr*)(_t678 - 0x80)) = 0x41b694;
                                                                                                                                                                    										 *(_t678 - 4) = 0x18;
                                                                                                                                                                    										E0040439A(_t678 - 0x6c, _t537);
                                                                                                                                                                    										_t423 = E0040439A(_t678 - 0x80, _t672);
                                                                                                                                                                    										__eflags = _t672;
                                                                                                                                                                    										if(_t672 <= 0) {
                                                                                                                                                                    											L61:
                                                                                                                                                                    											 *(_t678 - 0x10) =  *(_t678 - 0x10) & 0x00000000;
                                                                                                                                                                    											__eflags = _t537;
                                                                                                                                                                    											if(_t537 <= 0) {
                                                                                                                                                                    												goto L94;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t675 =  *((intOrPtr*)(_t678 - 0x34));
                                                                                                                                                                    											do {
                                                                                                                                                                    												_t580 =  *(_t661 + 0x1c);
                                                                                                                                                                    												_t652 = 0;
                                                                                                                                                                    												__eflags = _t580;
                                                                                                                                                                    												if(_t580 <= 0) {
                                                                                                                                                                    													L83:
                                                                                                                                                                    													_t429 = _t423 | 0xffffffff;
                                                                                                                                                                    													__eflags = _t429;
                                                                                                                                                                    													L84:
                                                                                                                                                                    													__eflags = _t429;
                                                                                                                                                                    													if(_t429 < 0) {
                                                                                                                                                                    														_t581 =  *(_t661 + 0x30);
                                                                                                                                                                    														_t653 = 0;
                                                                                                                                                                    														__eflags = _t581;
                                                                                                                                                                    														if(_t581 <= 0) {
                                                                                                                                                                    															L90:
                                                                                                                                                                    															_t430 = _t429 | 0xffffffff;
                                                                                                                                                                    															__eflags = _t430;
                                                                                                                                                                    															L91:
                                                                                                                                                                    															__eflags = _t430;
                                                                                                                                                                    															if(_t430 < 0) {
                                                                                                                                                                    																 *(_t678 - 4) = 0x17;
                                                                                                                                                                    																E00404320(_t678 - 0x80);
                                                                                                                                                                    																 *(_t678 - 4) = 5;
                                                                                                                                                                    																E00404320(_t678 - 0x6c);
                                                                                                                                                                    																 *(_t678 - 4) = 0x19;
                                                                                                                                                                    																E00404320(_t678 - 0xa8);
                                                                                                                                                                    																 *(_t678 - 4) = 1;
                                                                                                                                                                    																E00409739(_t678 - 0xf8, __eflags);
                                                                                                                                                                    																 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
                                                                                                                                                                    																DeleteCriticalSection(_t678 - 0x4c);
                                                                                                                                                                    																E0040A594(_t678 - 0x50);
                                                                                                                                                                    																 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
                                                                                                                                                                    																 *(_t678 - 4) = 0x1a;
                                                                                                                                                                    																E00404349();
                                                                                                                                                                    																 *(_t678 - 4) =  *(_t678 - 4) | 0xffffffff;
                                                                                                                                                                    																E00404320(_t678 - 0x2c);
                                                                                                                                                                    																_t373 = 0x80004005;
                                                                                                                                                                    																goto L114;
                                                                                                                                                                    															}
                                                                                                                                                                    															_t589 =  *((intOrPtr*)(_t678 + 0x14));
                                                                                                                                                                    															goto L93;
                                                                                                                                                                    														}
                                                                                                                                                                    														_t441 =  *((intOrPtr*)(_t661 + 0x34));
                                                                                                                                                                    														while(1) {
                                                                                                                                                                    															__eflags =  *_t441 - _t675;
                                                                                                                                                                    															if( *_t441 == _t675) {
                                                                                                                                                                    																break;
                                                                                                                                                                    															}
                                                                                                                                                                    															_t653 = _t653 + 1;
                                                                                                                                                                    															_t441 = _t441 + 4;
                                                                                                                                                                    															__eflags = _t653 - _t581;
                                                                                                                                                                    															if(_t653 < _t581) {
                                                                                                                                                                    																continue;
                                                                                                                                                                    															}
                                                                                                                                                                    															goto L90;
                                                                                                                                                                    														}
                                                                                                                                                                    														_t430 = _t653;
                                                                                                                                                                    														goto L91;
                                                                                                                                                                    													}
                                                                                                                                                                    													_t430 =  *( *((intOrPtr*)(_t661 + 0x20)) + 4 + _t429 * 8);
                                                                                                                                                                    													_t589 =  *((intOrPtr*)(_t661 + 0x48));
                                                                                                                                                                    													goto L93;
                                                                                                                                                                    												}
                                                                                                                                                                    												_t440 =  *((intOrPtr*)(_t661 + 0x20));
                                                                                                                                                                    												while(1) {
                                                                                                                                                                    													__eflags =  *_t440 - _t675;
                                                                                                                                                                    													if( *_t440 == _t675) {
                                                                                                                                                                    														break;
                                                                                                                                                                    													}
                                                                                                                                                                    													_t652 = _t652 + 1;
                                                                                                                                                                    													_t440 = _t440 + 8;
                                                                                                                                                                    													__eflags = _t652 - _t580;
                                                                                                                                                                    													if(_t652 < _t580) {
                                                                                                                                                                    														continue;
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L83;
                                                                                                                                                                    												}
                                                                                                                                                                    												_t429 = _t652;
                                                                                                                                                                    												goto L84;
                                                                                                                                                                    												L93:
                                                                                                                                                                    												_t423 = E0040A528(_t678 - 0x6c, _t589 + _t430 * 8);
                                                                                                                                                                    												 *(_t678 - 0x10) =  *(_t678 - 0x10) + 1;
                                                                                                                                                                    												_t675 = _t675 + 1;
                                                                                                                                                                    												__eflags =  *(_t678 - 0x10) - _t537;
                                                                                                                                                                    												 *((intOrPtr*)(_t678 - 0x34)) = _t675;
                                                                                                                                                                    											} while ( *(_t678 - 0x10) < _t537);
                                                                                                                                                                    											goto L94;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											do {
                                                                                                                                                                    												_t423 = E0040A528(_t678 - 0x80,  *((intOrPtr*)(_t661 + 0x48)) +  *(_t678 + 0x10) * 8);
                                                                                                                                                                    												 *(_t678 + 0x10) =  *(_t678 + 0x10) + 1;
                                                                                                                                                                    												_t672 = _t672 - 1;
                                                                                                                                                                    												__eflags = _t672;
                                                                                                                                                                    											} while (_t672 != 0);
                                                                                                                                                                    											goto L61;
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    									_t595 =  *(_t671 + 0xc);
                                                                                                                                                                    									__eflags = _t595 - 0xffffffff;
                                                                                                                                                                    									 *(_t678 - 0x10) = _t595;
                                                                                                                                                                    									if(_t595 > 0xffffffff) {
                                                                                                                                                                    										__eflags = _t419;
                                                                                                                                                                    										 *(_t678 - 4) = 5;
                                                                                                                                                                    										if(_t419 != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t419 + 8))(_t419);
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t678 - 4) = 0x13;
                                                                                                                                                                    										E00404320(_t678 - 0xa8);
                                                                                                                                                                    										 *(_t678 - 4) = 1;
                                                                                                                                                                    										E00409739(_t678 - 0xf8, __eflags);
                                                                                                                                                                    										 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
                                                                                                                                                                    										DeleteCriticalSection(_t678 - 0x4c);
                                                                                                                                                                    										E0040A594(_t678 - 0x50);
                                                                                                                                                                    										 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
                                                                                                                                                                    										 *(_t678 - 4) = 0x14;
                                                                                                                                                                    										_t538 = 0x80004001;
                                                                                                                                                                    										L103:
                                                                                                                                                                    										E00404349();
                                                                                                                                                                    										 *(_t678 - 4) =  *(_t678 - 4) | 0xffffffff;
                                                                                                                                                                    										E00404320(_t678 - 0x2c);
                                                                                                                                                                    										_t373 = _t538;
                                                                                                                                                                    										goto L114;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t538 =  *((intOrPtr*)( *_t419 + 0xc))(_t419,  *((intOrPtr*)(_t671 + 0x10)),  *(_t678 - 0x10));
                                                                                                                                                                    									__eflags = _t538;
                                                                                                                                                                    									if(_t538 != 0) {
                                                                                                                                                                    										_t453 =  *(_t678 + 0x18);
                                                                                                                                                                    										 *(_t678 - 4) = 5;
                                                                                                                                                                    										__eflags = _t453;
                                                                                                                                                                    										if(_t453 != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t453 + 8))(_t453);
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t678 - 4) = 0x15;
                                                                                                                                                                    										E00404320(_t678 - 0xa8);
                                                                                                                                                                    										 *(_t678 - 4) = 1;
                                                                                                                                                                    										E00409739(_t678 - 0xf8, __eflags);
                                                                                                                                                                    										_t287 = _t678 - 4;
                                                                                                                                                                    										 *_t287 =  *(_t678 - 4) & 0x00000000;
                                                                                                                                                                    										__eflags =  *_t287;
                                                                                                                                                                    										DeleteCriticalSection(_t678 - 0x4c);
                                                                                                                                                                    										E0040A594(_t678 - 0x50);
                                                                                                                                                                    										 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
                                                                                                                                                                    										 *(_t678 - 4) = 0x16;
                                                                                                                                                                    										goto L103;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t419 =  *(_t678 + 0x18);
                                                                                                                                                                    									goto L57;
                                                                                                                                                                    									L94:
                                                                                                                                                                    									_t673 =  *(_t678 - 0x14);
                                                                                                                                                                    									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t678 - 0x30)) + 0x70)))) + 8))(_t673,  *((intOrPtr*)(_t678 - 0x60)),  *((intOrPtr*)(_t678 - 0x74)));
                                                                                                                                                                    									 *(_t678 - 4) = 0x17;
                                                                                                                                                                    									E00404320(_t678 - 0x80);
                                                                                                                                                                    									 *(_t678 - 4) = 5;
                                                                                                                                                                    									E00404320(_t678 - 0x6c);
                                                                                                                                                                    									_t674 = _t673 + 1;
                                                                                                                                                                    									__eflags = _t674 -  *(_t678 - 0x18);
                                                                                                                                                                    									 *(_t678 - 0x14) = _t674;
                                                                                                                                                                    								} while (_t674 <  *(_t678 - 0x18));
                                                                                                                                                                    								_t658 =  *((intOrPtr*)(_t678 - 0x30));
                                                                                                                                                                    								_t669 = 0;
                                                                                                                                                                    								goto L105;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								goto L34;
                                                                                                                                                                    							}
                                                                                                                                                                    							while(1) {
                                                                                                                                                                    								L34:
                                                                                                                                                                    								_t676 =  *((intOrPtr*)( *((intOrPtr*)( *(_t678 + 0x18) + 0xc)) +  *(_t678 - 0x10) * 4));
                                                                                                                                                                    								 *(_t678 + 0x10) = 0;
                                                                                                                                                                    								 *(_t678 + 8) = 0;
                                                                                                                                                                    								_push(0);
                                                                                                                                                                    								_push( *((intOrPtr*)(_t676 + 4)));
                                                                                                                                                                    								 *(_t678 - 4) = 0xa;
                                                                                                                                                                    								_push( *_t676); // executed
                                                                                                                                                                    								_t462 = E00406297(_t678 + 0x10, _t678 + 8, __eflags); // executed
                                                                                                                                                                    								_t539 = _t462;
                                                                                                                                                                    								__eflags = _t539;
                                                                                                                                                                    								if(_t539 != 0) {
                                                                                                                                                                    									break;
                                                                                                                                                                    								}
                                                                                                                                                                    								 *(_t678 - 0x14) =  *(_t678 - 0x14) & _t462;
                                                                                                                                                                    								__eflags =  *((intOrPtr*)(_t676 + 0x14)) - 1;
                                                                                                                                                                    								 *(_t678 - 4) = 0xd;
                                                                                                                                                                    								if( *((intOrPtr*)(_t676 + 0x14)) != 1) {
                                                                                                                                                                    									L40:
                                                                                                                                                                    									__eflags =  *(_t678 + 8);
                                                                                                                                                                    									if( *(_t678 + 8) == 0) {
                                                                                                                                                                    										_t471 =  *(_t678 + 0x10);
                                                                                                                                                                    										 *(_t678 - 4) = 5;
                                                                                                                                                                    										__eflags = _t471;
                                                                                                                                                                    										if(_t471 != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t471 + 8))(_t471);
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t678 - 4) = 0x10;
                                                                                                                                                                    										E00404320(_t678 - 0xa8);
                                                                                                                                                                    										 *(_t678 - 4) = 1;
                                                                                                                                                                    										E00409739(_t678 - 0xf8, __eflags);
										 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
										DeleteCriticalSection(_t678 - 0x4c);
										E0040A594(_t678 - 0x50);
										 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
										 *(_t678 - 4) = 0x11;
										E00404349();
										_t237 = _t678 - 4;
										 *_t237 =  *(_t678 - 4) | 0xffffffff;
										__eflags =  *_t237;
										E00404320(_t678 - 0x2c);
										goto L81;
									}
									E004062E7(_t678 - 0x14,  *(_t678 + 8));
									__eflags =  *((char*)(_t658 + 0x68));
									if(__eflags != 0) {
										E00409ED8( *((intOrPtr*)(_t658 + 0x6c)), _t678, __eflags,  *(_t678 + 8));
									}
									L43:
									_push(_t678 - 0x14);
									E0040B876(_t658 + 0x78);
									_t482 =  *(_t678 - 0x14);
									 *(_t678 - 4) = 0xa;
									__eflags = _t482;
									if(_t482 != 0) {
										 *((intOrPtr*)( *_t482 + 8))(_t482);
									}
									_t483 =  *(_t678 + 8);
									 *(_t678 - 4) = 9;
									__eflags = _t483;
									if(_t483 != 0) {
										 *((intOrPtr*)( *_t483 + 8))(_t483);
									}
									_t484 =  *(_t678 + 0x10);
									 *(_t678 - 4) = 5;
									__eflags = _t484;
									if(_t484 != 0) {
										 *((intOrPtr*)( *_t484 + 8))(_t484);
									}
									 *(_t678 - 0x10) =  *(_t678 - 0x10) + 1;
									__eflags =  *(_t678 - 0x10) -  *(_t678 - 0x18);
									if(__eflags < 0) {
										continue;
									} else {
										goto L50;
									}
								}
								__eflags =  *((intOrPtr*)(_t676 + 0x18)) - 1;
								if( *((intOrPtr*)(_t676 + 0x18)) != 1) {
									goto L40;
								}
								_t626 =  *(_t678 + 0x10);
								__eflags = _t626;
								if(_t626 == 0) {
									_t490 =  *(_t678 + 8);
									 *(_t678 - 4) = 9;
									__eflags = _t490;
									if(_t490 != 0) {
										 *((intOrPtr*)( *_t490 + 8))(_t490);
										_t626 =  *(_t678 + 0x10);
									}
									__eflags = _t626;
									 *(_t678 - 4) = 5;
									if(_t626 != 0) {
										 *((intOrPtr*)( *_t626 + 8))(_t626);
									}
									 *(_t678 - 4) = 0xe;
									E00404320(_t678 - 0xa8);
									 *(_t678 - 4) = 1;
									E00409739(_t678 - 0xf8, __eflags);
									 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
									DeleteCriticalSection(_t678 - 0x4c);
									E0040A594(_t678 - 0x50);
									 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
									 *(_t678 - 4) = 0xf;
									_t668 = 0x80004001;
									goto L109;
								}
								E004062E7(_t678 - 0x14, _t626);
								__eflags =  *((intOrPtr*)(_t658 + 0x68)) - _t539;
								if(__eflags != 0) {
									E00409EB3( *((intOrPtr*)(_t658 + 0x6c)), _t678, __eflags,  *(_t678 + 0x10));
								}
								goto L43;
							}
							_t463 =  *(_t678 + 8);
							 *(_t678 - 4) = 9;
							__eflags = _t463;
							if(_t463 != 0) {
								 *((intOrPtr*)( *_t463 + 8))(_t463);
							}
							_t464 =  *(_t678 + 0x10);
							 *(_t678 - 4) = 5;
							__eflags = _t464;
							if(_t464 != 0) {
								 *((intOrPtr*)( *_t464 + 8))(_t464);
							}
							 *(_t678 - 4) = 0xb;
							E00404320(_t678 - 0xa8);
							 *(_t678 - 4) = 1;
							E00409739(_t678 - 0xf8, __eflags);
							 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
							DeleteCriticalSection(_t678 - 0x4c);
							E0040A594(_t678 - 0x50);
							 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
							 *(_t678 - 4) = 0xc;
							_t668 = _t539;
							goto L109;
						} else {
							 *(_t678 - 4) = 7;
							E00404320(_t678 - 0xa8);
							 *(_t678 - 4) = 1;
							E00409739(_t678 - 0xf8, _t700);
							 *(_t678 - 4) =  *(_t678 - 4) & 0x00000000;
							DeleteCriticalSection(_t678 - 0x4c);
							E0040A594(_t678 - 0x50);
							 *((intOrPtr*)(_t678 - 0x2c)) = 0x41b6d0;
							 *(_t678 - 4) = 8;
							L109:
							E00404349();
							 *(_t678 - 4) =  *(_t678 - 4) | 0xffffffff;
							E00404320(_t678 - 0x2c);
							L113:
							_t373 = _t668;
							goto L114;
						}
					}
					_t510 = E0040B519(_t678 - 0xf8, _t658 + 4);
					asm("sbb al, al");
					_t512 =  ~_t510 + 1;
					 *((char*)(_t678 + 0xb)) = _t512;
					if(_t512 == 0) {
						goto L51;
					}
					goto L21;
				} else {
					_t540 =  *((intOrPtr*)(_t678 + 0x14));
					do {
						_push(0x18);
						_t513 = E00403A3D();
						if(_t513 == 0) {
							_t662 = 0;
							__eflags = 0;
						} else {
							 *(_t513 + 4) =  *(_t513 + 4) & 0x00000000;
							 *_t513 = 0x41b6f4;
							_t662 = _t513;
						}
						 *((intOrPtr*)(_t678 - 0x34)) = _t662;
						if(_t662 != 0) {
							 *((intOrPtr*)( *_t662 + 4))(_t662);
						}
						_push(0x28);
						 *((intOrPtr*)(_t662 + 8)) = _t678 - 0x50;
						 *((intOrPtr*)(_t662 + 0x10)) =  *((intOrPtr*)(_t678 + 0xc));
						 *(_t662 + 0x14) =  *(_t678 + 0x10);
						 *((intOrPtr*)(_t678 + 0xc)) =  *((intOrPtr*)(_t678 + 0xc)) +  *_t540;
						 *(_t678 - 4) = 2;
						asm("adc [ebp+0x10], ecx");
						_t518 = E00403A3D();
						if(_t518 == 0) {
							_t677 = 0;
							__eflags = 0;
						} else {
							 *(_t518 + 4) =  *(_t518 + 4) & 0x00000000;
							 *(_t518 + 8) =  *(_t518 + 8) & 0x00000000;
							 *_t518 = 0x41b6e4;
							_t677 = _t518;
						}
						 *(_t678 - 0x18) = _t677;
						if(_t677 != 0) {
							 *((intOrPtr*)( *_t677 + 4))(_t677);
						}
						_t34 = _t677 + 8; // 0x8
						 *(_t678 - 4) = 3;
						E004062E7(_t34, _t662);
						 *(_t677 + 0x18) =  *(_t677 + 0x18) & 0x00000000;
						 *(_t677 + 0x1c) =  *(_t677 + 0x1c) & 0x00000000;
						 *(_t677 + 0x20) =  *(_t677 + 0x20) & 0x00000000;
						 *((intOrPtr*)(_t677 + 0x10)) =  *_t540;
						 *((intOrPtr*)(_t677 + 0x14)) =  *((intOrPtr*)(_t540 + 4));
						_push(_t678 - 0x18);
						E0040A3DE(_t678 - 0x2c);
						_t523 =  *(_t678 - 0x18);
						 *(_t678 - 4) = 2;
						if(_t523 != 0) {
							 *((intOrPtr*)( *_t523 + 8))(_t523);
						}
						 *(_t678 - 4) = 1;
                                                                                                                                                                    						if(_t662 != 0) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t662 + 8))(_t662);
                                                                                                                                                                    						}
                                                                                                                                                                    						 *(_t678 + 8) =  *(_t678 + 8) + 1;
                                                                                                                                                                    						_t540 = _t540 + 8;
                                                                                                                                                                    					} while ( *(_t678 + 8) <  *((intOrPtr*)( *(_t678 + 0x18) + 0x30)));
                                                                                                                                                                    					_t658 =  *((intOrPtr*)(_t678 - 0x30));
                                                                                                                                                                    					goto L19;
                                                                                                                                                                    				}
                                                                                                                                                                    			}



























































                                                                                                                                                                    0x0040af5e
                                                                                                                                                                    0x0040af61
                                                                                                                                                                    0x0040af63
                                                                                                                                                                    0x0040af65
                                                                                                                                                                    0x0040b0d1
                                                                                                                                                                    0x0040b0d1
                                                                                                                                                                    0x0040b0d1
                                                                                                                                                                    0x0040b0d4
                                                                                                                                                                    0x0040b0d4
                                                                                                                                                                    0x0040b0d6
                                                                                                                                                                    0x0040b0e4
                                                                                                                                                                    0x0040b0e7
                                                                                                                                                                    0x0040b0e9
                                                                                                                                                                    0x0040b0eb
                                                                                                                                                                    0x0040b0fc
                                                                                                                                                                    0x0040b0fc
                                                                                                                                                                    0x0040b0fc
                                                                                                                                                                    0x0040b0ff
                                                                                                                                                                    0x0040b0ff
                                                                                                                                                                    0x0040b101
                                                                                                                                                                    0x0040b236
                                                                                                                                                                    0x0040b23a
                                                                                                                                                                    0x0040b242
                                                                                                                                                                    0x0040b246
                                                                                                                                                                    0x0040b251
                                                                                                                                                                    0x0040b255
                                                                                                                                                                    0x0040b260
                                                                                                                                                                    0x0040b264
                                                                                                                                                                    0x0040b269
                                                                                                                                                                    0x0040b271
                                                                                                                                                                    0x0040b27a
                                                                                                                                                                    0x0040b27f
                                                                                                                                                                    0x0040b289
                                                                                                                                                                    0x0040b290
                                                                                                                                                                    0x0040b295
                                                                                                                                                                    0x0040b29c
                                                                                                                                                                    0x0040b2a1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b2a1
                                                                                                                                                                    0x0040b107
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b107
                                                                                                                                                                    0x0040b0ed
                                                                                                                                                                    0x0040b0f0
                                                                                                                                                                    0x0040b0f0
                                                                                                                                                                    0x0040b0f2
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b0f4
                                                                                                                                                                    0x0040b0f5
                                                                                                                                                                    0x0040b0f8
                                                                                                                                                                    0x0040b0fa
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b0fa
                                                                                                                                                                    0x0040b16a
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b16a
                                                                                                                                                                    0x0040b0db
                                                                                                                                                                    0x0040b0df
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b0df
                                                                                                                                                                    0x0040af6b
                                                                                                                                                                    0x0040af6e
                                                                                                                                                                    0x0040af6e
                                                                                                                                                                    0x0040af70
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040af76
                                                                                                                                                                    0x0040af77
                                                                                                                                                                    0x0040af7a
                                                                                                                                                                    0x0040af7c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040af7e
                                                                                                                                                                    0x0040b0cd
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b10a
                                                                                                                                                                    0x0040b111
                                                                                                                                                                    0x0040b116
                                                                                                                                                                    0x0040b119
                                                                                                                                                                    0x0040b11a
                                                                                                                                                                    0x0040b11d
                                                                                                                                                                    0x0040b11d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040af37
                                                                                                                                                                    0x0040af37
                                                                                                                                                                    0x0040af44
                                                                                                                                                                    0x0040af49
                                                                                                                                                                    0x0040af4c
                                                                                                                                                                    0x0040af4c
                                                                                                                                                                    0x0040af4c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040af37
                                                                                                                                                                    0x0040af35
                                                                                                                                                                    0x0040aeb6
                                                                                                                                                                    0x0040aeb9
                                                                                                                                                                    0x0040aebc
                                                                                                                                                                    0x0040aebf
                                                                                                                                                                    0x0040b16e
                                                                                                                                                                    0x0040b170
                                                                                                                                                                    0x0040b174
                                                                                                                                                                    0x0040b179
                                                                                                                                                                    0x0040b179
                                                                                                                                                                    0x0040b182
                                                                                                                                                                    0x0040b186
                                                                                                                                                                    0x0040b191
                                                                                                                                                                    0x0040b195
                                                                                                                                                                    0x0040b19a
                                                                                                                                                                    0x0040b1a2
                                                                                                                                                                    0x0040b1ab
                                                                                                                                                                    0x0040b1b0
                                                                                                                                                                    0x0040b1b7
                                                                                                                                                                    0x0040b1be
                                                                                                                                                                    0x0040b218
                                                                                                                                                                    0x0040b21b
                                                                                                                                                                    0x0040b220
                                                                                                                                                                    0x0040b227
                                                                                                                                                                    0x0040b22c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b22c
                                                                                                                                                                    0x0040aed2
                                                                                                                                                                    0x0040aed4
                                                                                                                                                                    0x0040aed6
                                                                                                                                                                    0x0040b1c5
                                                                                                                                                                    0x0040b1c8
                                                                                                                                                                    0x0040b1cc
                                                                                                                                                                    0x0040b1ce
                                                                                                                                                                    0x0040b1d3
                                                                                                                                                                    0x0040b1d3
                                                                                                                                                                    0x0040b1dc
                                                                                                                                                                    0x0040b1e0
                                                                                                                                                                    0x0040b1eb
                                                                                                                                                                    0x0040b1ef
                                                                                                                                                                    0x0040b1f4
                                                                                                                                                                    0x0040b1f4
                                                                                                                                                                    0x0040b1f4
                                                                                                                                                                    0x0040b1fc
                                                                                                                                                                    0x0040b205
                                                                                                                                                                    0x0040b20a
                                                                                                                                                                    0x0040b211
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b211
                                                                                                                                                                    0x0040aedc
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040b126
                                                                                                                                                                    0x0040b12c
                                                                                                                                                                    0x0040b138
                                                                                                                                                                    0x0040b13e
                                                                                                                                                                    0x0040b142
                                                                                                                                                                    0x0040b14a
                                                                                                                                                                    0x0040b14e
                                                                                                                                                                    0x0040b153
                                                                                                                                                                    0x0040b154
                                                                                                                                                                    0x0040b157
                                                                                                                                                                    0x0040b157
                                                                                                                                                                    0x0040b160
                                                                                                                                                                    0x0040abe2
                                                                                                                                                                    0x0040abe2
                                                                                                                                                                    0x0040abe6
                                                                                                                                                                    0x0040abe9
                                                                                                                                                                    0x0040abed
                                                                                                                                                                    0x0040abf7
                                                                                                                                                                    0x0040abfb
                                                                                                                                                                    0x0040abff
                                                                                                                                                                    0x0040ac03
                                                                                                                                                                    0x0040ac09
                                                                                                                                                                    0x0040ac0c
                                                                                                                                                                    0x0040ac10
                                                                                                                                                                    0x0040ac15
                                                                                                                                                                    0x0040ac18
                                                                                                                                                                    0x0040ac1e
                                                                                                                                                                    0x0040ac23
                                                                                                                                                                    0x0040ac23
                                                                                                                                                                    0x0040ac28
                                                                                                                                                                    0x0040ac2c
                                                                                                                                                                    0x0040ac31
                                                                                                                                                                    0x0040ac31
                                                                                                                                                                    0x0040ac34
                                                                                                                                                                    0x0040ac3d
                                                                                                                                                                    0x0040ac40
                                                                                                                                                                    0x0040ac49
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ac49

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040AB0A
                                                                                                                                                                      • Part of subcall function 0040D5A3: __EH_prolog.LIBCMT ref: 0040D5A8
                                                                                                                                                                      • Part of subcall function 004130E0: InitializeCriticalSection.KERNEL32(?,?,?,00000000,00000000), ref: 0041310E
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040AD3E
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040AFCB
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040B036
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040B093
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040B1A2
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040B1FC
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 0040B271
                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 0040B303
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$Delete$H_prolog$Initialize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3452124646-0
                                                                                                                                                                    • Opcode ID: 58a9a6b66158963222eea4db635ca3b7292b43df3d4f19167dd952c567d64964
                                                                                                                                                                    • Instruction ID: 4c9a54a47b38b58bbaef36bcc828af5c6ca02983ed7c574d3216c54edcd042c8
                                                                                                                                                                    • Opcode Fuzzy Hash: 58a9a6b66158963222eea4db635ca3b7292b43df3d4f19167dd952c567d64964
                                                                                                                                                                    • Instruction Fuzzy Hash: FC627E7090024ADFDB14DFA5C944BDEBBB4FF14308F1080AEE805B7291DB789A49DB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 676 4051b7-4051e6 GetCurrentThreadId GetTickCount GetCurrentProcessId 677 4051ea-4051f6 call 401d50 676->677 680 4051f8-4051ff 677->680 681 40524f-405255 677->681 684 405200-40520b 680->684 682 405263-40526c call 405800 681->682 683 405257-40525e call 4048ab 681->683 691 40527b-405280 682->691 692 40526e-405279 SetLastError 682->692 683->682 687 405212 684->687 688 40520d-405210 684->688 690 405215-40521f 687->690 688->690 690->684 693 405221-40522a 690->693 695 405282-40528c call 405ae5 691->695 696 40528e-405290 call 4049f4 691->696 694 4052ab-4052b2 692->694 697 405235-405248 call 4048ab GetTickCount 693->697 698 40522c-405230 call 401ded 693->698 694->677 702 4052b8-4052c2 694->702 705 405295-405297 695->705 696->705 710 40524a-40524c 697->710 711 40524d 697->711 698->697 707 4052c4-4052c8 702->707 708 405299-4052a2 GetLastError 705->708 709 4052cb-4052cd 705->709 708->694 712 4052a4-4052a9 708->712 709->707 710->711 711->681 712->694 712->702
                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004051B7(intOrPtr __ecx, void* __edx, signed short** _a4, short _a8) {
                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                    				intOrPtr _v12;
                                                                                                                                                                    				signed short _v28;
                                                                                                                                                                    				char _v44;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				signed int _t18;
                                                                                                                                                                    				signed int _t19;
                                                                                                                                                                    				signed int _t20;
                                                                                                                                                                    				void* _t22;
                                                                                                                                                                    				short _t23;
                                                                                                                                                                    				long _t25;
                                                                                                                                                                    				signed int _t31;
                                                                                                                                                                    				short _t32;
                                                                                                                                                                    				void* _t38;
                                                                                                                                                                    				void* _t40;
                                                                                                                                                                    				unsigned int _t41;
                                                                                                                                                                    				short* _t48;
                                                                                                                                                                    				void* _t53;
                                                                                                                                                                    				signed short** _t54;
                                                                                                                                                                    				unsigned int _t59;
                                                                                                                                                                    
                                                                                                                                                                    				_t40 = __edx;
                                                                                                                                                                    				_v12 = __ecx;
                                                                                                                                                                    				_t18 = GetCurrentThreadId();
                                                                                                                                                                    				_t19 = GetTickCount();
                                                                                                                                                                    				_t20 = GetCurrentProcessId();
                                                                                                                                                                    				_t54 = _a4;
                                                                                                                                                                    				_t59 = (_t18 << 0x00000002 ^ _t19) << 0x0000000c ^ _t20;
                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                    				do {
                                                                                                                                                                    					E00401D50(_t54, _v12);
                                                                                                                                                                    					if(_t40 == 0) {
                                                                                                                                                                    						L12:
                                                                                                                                                                    						_t67 = _a8;
                                                                                                                                                                    						_t40 = 1;
                                                                                                                                                                    						if(_a8 != 0) {
                                                                                                                                                                    							E004048AB(_t54, _t53, L".tmp");
                                                                                                                                                                    						}
                                                                                                                                                                    						_t22 = E00405800( *_t54, _t67); // executed
                                                                                                                                                                    						if(_t22 == 0) {
                                                                                                                                                                    							__eflags = _a8;
                                                                                                                                                                    							if(_a8 == 0) {
                                                                                                                                                                    								_t23 = E004049F4( *_t54); // executed
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t23 = E00405AE5( *_t54, 0);
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags = _t23;
                                                                                                                                                                    							if(_t23 != 0) {
                                                                                                                                                                    								return 1;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t25 = GetLastError();
                                                                                                                                                                    								__eflags = _t25 - 0x50;
                                                                                                                                                                    								if(_t25 == 0x50) {
                                                                                                                                                                    									goto L22;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags = _t25 - 0xb7;
                                                                                                                                                                    								if(_t25 != 0xb7) {
                                                                                                                                                                    									break;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L22;
                                                                                                                                                                    							}
                                                                                                                                                                    						} else {
                                                                                                                                                                    							SetLastError(0xb7);
                                                                                                                                                                    							goto L22;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					_t41 = _t59;
                                                                                                                                                                    					_t48 =  &_v44;
                                                                                                                                                                    					_t53 = 8;
                                                                                                                                                                    					do {
                                                                                                                                                                    						_t31 = _t41 & 0x0000000f;
                                                                                                                                                                    						_t41 = _t41 >> 4;
                                                                                                                                                                    						if(_t31 >= 0xa) {
                                                                                                                                                                    							_t32 = _t31 + 0x37;
                                                                                                                                                                    							__eflags = _t32;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t32 = _t31 + 0x30;
                                                                                                                                                                    						}
                                                                                                                                                                    						 *_t48 = _t32;
                                                                                                                                                                    						_t48 = _t48 + 2;
                                                                                                                                                                    						_t53 = _t53 - 1;
                                                                                                                                                                    					} while (_t53 != 0);
                                                                                                                                                                    					_v28 = _v28 & 0x00000000;
                                                                                                                                                                    					if(_a8 != 0) {
                                                                                                                                                                    						E00401DED(_t54, 0x2e);
                                                                                                                                                                    					}
                                                                                                                                                                    					E004048AB(_t54, _t53,  &_v44);
                                                                                                                                                                    					_t38 = GetTickCount() + 2;
                                                                                                                                                                    					if(_t38 == 0) {
                                                                                                                                                                    						_t38 = 1;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t59 = _t59 + _t38;
                                                                                                                                                                    					goto L12;
                                                                                                                                                                    					L22:
                                                                                                                                                                    					_v8 = _v8 + 1;
                                                                                                                                                                    				} while (_v8 < 0x64);
                                                                                                                                                                    				_t54[1] = _t54[1] & 0x00000000;
                                                                                                                                                                    				 *( *_t54) =  *( *_t54) & 0x00000000;
                                                                                                                                                                    				return 0;
                                                                                                                                                                    			}
























                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 004051C5
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004051D0
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,00000000,?,?,00405334,?,00000000,?,00000003,00000003,00000000,00000000,00000003,?,00000000), ref: 004051DB
                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405240
                                                                                                                                                                    • SetLastError.KERNEL32(000000B7,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405273
                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00405299
                                                                                                                                                                      • Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CountCurrentErrorLastTick$CreateDirectoryProcessThread
                                                                                                                                                                    • String ID: .tmp$d
                                                                                                                                                                    • API String ID: 3074393274-2797371523
                                                                                                                                                                    • Opcode ID: bcae12d90a6883db488ed7918e89dfc9a5be4d3fc6f172bc230e0f8a85ac3d52
                                                                                                                                                                    • Instruction ID: 4fab17955b769304b7d1cf71853489b42ead9ac2cf2e2055059d54e7646dac87
                                                                                                                                                                    • Opcode Fuzzy Hash: bcae12d90a6883db488ed7918e89dfc9a5be4d3fc6f172bc230e0f8a85ac3d52
                                                                                                                                                                    • Instruction Fuzzy Hash: CC31C1326506009BDB10ABA098897EF7760EFA5315F14807FE902BB2D2D77C9842CF99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                    			E00409504(void* __ecx, void* __edx) {
                                                                                                                                                                    				signed int _t48;
                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                    				signed int _t60;
                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                    				void* _t76;
                                                                                                                                                                    				struct _CRITICAL_SECTION* _t80;
                                                                                                                                                                    				signed int _t81;
                                                                                                                                                                    				void* _t84;
                                                                                                                                                                    				void* _t86;
                                                                                                                                                                    
                                                                                                                                                                    				_t76 = __edx;
                                                                                                                                                                    				E00413724(E00419A70, _t86);
                                                                                                                                                                    				_t84 = __ecx;
                                                                                                                                                                    				_t80 = __ecx + 0x40;
                                                                                                                                                                    				if(E0040935A(_t80) == 0) {
                                                                                                                                                                    					E0040970A(__ecx);
                                                                                                                                                                    					EnterCriticalSection(_t80);
                                                                                                                                                                    					_t60 =  *(_t80 + 0x20);
                                                                                                                                                                    					 *(_t86 - 0x10) =  *(_t80 + 0x24);
                                                                                                                                                                    					 *((intOrPtr*)(_t86 - 0x20)) =  *((intOrPtr*)(_t80 + 0x28));
                                                                                                                                                                    					 *((intOrPtr*)(_t86 - 0x1c)) =  *((intOrPtr*)(_t80 + 0x2c));
                                                                                                                                                                    					LeaveCriticalSection(_t80);
                                                                                                                                                                    					if(_t60 !=  *((intOrPtr*)(_t84 + 0x28)) ||  *(_t86 - 0x10) !=  *((intOrPtr*)(_t84 + 0x2c))) {
                                                                                                                                                                    						E00409418(_t84, _t60,  *(_t86 - 0x10));
                                                                                                                                                                    					}
                                                                                                                                                                    					E0040948B(_t84,  *((intOrPtr*)(_t86 - 0x20)),  *((intOrPtr*)(_t86 - 0x1c))); // executed
                                                                                                                                                                    					_t81 = 0;
                                                                                                                                                                    					if((_t60 |  *(_t86 - 0x10)) == 0) {
                                                                                                                                                                    						 *(_t86 - 0x10) = _t81;
                                                                                                                                                                    						_t60 = 1;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t61 = E00413B50(E00414260( *((intOrPtr*)(_t86 - 0x20)),  *((intOrPtr*)(_t86 - 0x1c)), 0x64, _t81), _t76, _t60,  *(_t86 - 0x10));
                                                                                                                                                                    					if(_t61 !=  *((intOrPtr*)(_t84 + 0x34))) {
                                                                                                                                                                    						asm("cdq");
                                                                                                                                                                    						E004039D2(_t86 - 0xa4, _t76, _t47, _t76);
                                                                                                                                                                    						E00401CB5(_t86 - 0x18, _t86 - 0xa4);
                                                                                                                                                                    						 *(_t86 - 4) = _t81;
                                                                                                                                                                    						E004048AB(_t86 - 0x18, _t76, L"% ");
                                                                                                                                                                    						_push(_t84 + 0xc);
                                                                                                                                                                    						_t54 = E00402635(_t86 - 0x24, _t86 - 0x18);
                                                                                                                                                                    						 *(_t86 - 4) = 1;
                                                                                                                                                                    						E00405EEB( *((intOrPtr*)(_t84 + 4)),  *_t54); // executed
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t86 - 0x24)));
                                                                                                                                                                    						 *((intOrPtr*)(_t84 + 0x34)) = _t61;
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t86 - 0x18)));
                                                                                                                                                                    					}
                                                                                                                                                                    					_t48 = 1;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t48 = 1;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t86 - 0xc));
                                                                                                                                                                    				return _t48;
                                                                                                                                                                    			}


                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00409509
                                                                                                                                                                      • Part of subcall function 0040935A: EnterCriticalSection.KERNEL32(?,?,?,00409680), ref: 0040935F
                                                                                                                                                                      • Part of subcall function 0040935A: LeaveCriticalSection.KERNEL32(?,?,?,00409680), ref: 00409369
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00409536
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00409552
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 004095A1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$H_prolog__aulldiv
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3848147900-0
                                                                                                                                                                    • Opcode ID: 0dc058274b5b21d7d5fed58ce1fb7bb72df780bc2e9d524883bc901e9f385bc5
                                                                                                                                                                    • Instruction ID: 81a485ad15cb22f282f6c018201ee4179c2b1d1cd2674c5f201a60282c37c453
                                                                                                                                                                    • Opcode Fuzzy Hash: 0dc058274b5b21d7d5fed58ce1fb7bb72df780bc2e9d524883bc901e9f385bc5
                                                                                                                                                                    • Instruction Fuzzy Hash: C6315076A00215AFCB11EF65C8819EFBBB5FF88704F00442AE51673692D779AD41CB64
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00409374(void* __ecx) {
                                                                                                                                                                    				int _t20;
                                                                                                                                                                    				void* _t32;
                                                                                                                                                                    
                                                                                                                                                                    				_t32 = __ecx;
                                                                                                                                                                    				 *(__ecx + 0x28) =  *(__ecx + 0x28) | 0xffffffff;
                                                                                                                                                                    				 *(__ecx + 0x2c) =  *(__ecx + 0x2c) | 0xffffffff;
                                                                                                                                                                    				 *(__ecx + 0x34) =  *(__ecx + 0x34) | 0xffffffff;
                                                                                                                                                                    				 *((char*)(__ecx + 0x38)) = 1;
                                                                                                                                                                    				E00413030(__ecx + 0x3c);
                                                                                                                                                                    				 *((intOrPtr*)(_t32 + 0x30)) = GetDlgItem( *(__ecx + 4), 0x3e8);
                                                                                                                                                                    				if( *(_t32 + 0x70) >= 0) {
                                                                                                                                                                    					SendMessageA( *(_t32 + 4), 0x80, 1, LoadIconA( *0x423164,  *(_t32 + 0x70) & 0x0000ffff)); // executed
                                                                                                                                                                    				}
                                                                                                                                                                    				_t20 = SetTimer( *(_t32 + 4), 3, 0x64, 0); // executed
                                                                                                                                                                    				 *(_t32 + 8) = _t20;
                                                                                                                                                                    				E00405EEB( *(_t32 + 4),  *((intOrPtr*)(_t32 + 0xc))); // executed
                                                                                                                                                                    				E0040970A(_t32);
                                                                                                                                                                    				return 1;
                                                                                                                                                                    			}


                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00413030: SetEvent.KERNEL32(00000000,0040756D), ref: 00413033
                                                                                                                                                                    • GetDlgItem.USER32 ref: 00409397
                                                                                                                                                                    • LoadIconA.USER32(00000000), ref: 004093B1
                                                                                                                                                                    • SendMessageA.USER32(?,00000080,00000001,00000000), ref: 004093C2
                                                                                                                                                                    • SetTimer.USER32(?,00000003,00000064,00000000), ref: 004093D1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EventIconItemLoadMessageSendTimer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2758541657-0
                                                                                                                                                                    • Opcode ID: d769fe10870f32a294fd153be024a6619bd887de4f13b6f89dce76f0222bd8a1
                                                                                                                                                                    • Instruction ID: 34d2fc59b34559bed7d893ef409eb69d6d7528a9cba69d030baf66432b50efa3
                                                                                                                                                                    • Opcode Fuzzy Hash: d769fe10870f32a294fd153be024a6619bd887de4f13b6f89dce76f0222bd8a1
                                                                                                                                                                    • Instruction Fuzzy Hash: 4D015A30100B00AFD3319F21DD5AB66BBA1FB04721F008A2DF5A7959F0CB75B942CB48
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                    			E004083AB(intOrPtr* __ecx) {
                                                                                                                                                                    				intOrPtr* _t153;
                                                                                                                                                                    				signed int _t157;
                                                                                                                                                                    				intOrPtr _t162;
                                                                                                                                                                    				signed int _t163;
                                                                                                                                                                    				signed int _t165;
                                                                                                                                                                    				signed int _t169;
                                                                                                                                                                    				signed int _t171;
                                                                                                                                                                    				signed int _t172;
                                                                                                                                                                    				signed int _t178;
                                                                                                                                                                    				signed int _t179;
                                                                                                                                                                    				signed int _t185;
                                                                                                                                                                    				void* _t187;
                                                                                                                                                                    				signed int _t190;
                                                                                                                                                                    				void* _t196;
                                                                                                                                                                    				char* _t201;
                                                                                                                                                                    				signed int _t203;
                                                                                                                                                                    				signed int _t205;
                                                                                                                                                                    				intOrPtr _t210;
                                                                                                                                                                    				signed int _t220;
                                                                                                                                                                    				signed int _t222;
                                                                                                                                                                    				void* _t225;
                                                                                                                                                                    				signed int _t231;
                                                                                                                                                                    				intOrPtr _t257;
                                                                                                                                                                    				intOrPtr _t278;
                                                                                                                                                                    				signed int* _t289;
                                                                                                                                                                    				signed int _t292;
                                                                                                                                                                    				intOrPtr _t293;
                                                                                                                                                                    				intOrPtr _t295;
                                                                                                                                                                    				void* _t297;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E004198AC, _t297);
                                                                                                                                                                    				_t289 = __ecx;
                                                                                                                                                                    				_t292 = 0;
                                                                                                                                                                    				_t153 =  *((intOrPtr*)(__ecx));
                                                                                                                                                                    				if(_t153 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t153 + 8))(_t153);
                                                                                                                                                                    					 *((intOrPtr*)(__ecx)) = 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t289 + 0x34) = _t292;
                                                                                                                                                                    				 *( *(_t289 + 0x30)) = _t292;
                                                                                                                                                                    				E004045D0(_t289 + 4);
                                                                                                                                                                    				 *(_t297 - 4) = _t292;
                                                                                                                                                                    				 *(_t297 - 0x20) = _t292;
                                                                                                                                                                    				 *(_t297 - 0x1c) = _t292;
                                                                                                                                                                    				 *(_t297 - 0x18) = _t292;
                                                                                                                                                                    				E0040218D(_t297 - 0x20, 3);
                                                                                                                                                                    				_t157 =  *(_t297 - 0x28);
                                                                                                                                                                    				 *(_t297 - 4) = 1;
                                                                                                                                                                    				if(_t157 == _t292) {
                                                                                                                                                                    					L11:
                                                                                                                                                                    					E00403291(_t297 - 0x68, 4);
                                                                                                                                                                    					 *((intOrPtr*)(_t297 - 0x68)) = 0x41b380;
                                                                                                                                                                    					__eflags =  *(_t297 + 0xc) - _t292;
                                                                                                                                                                    					 *(_t297 - 4) = 3;
                                                                                                                                                                    					if( *(_t297 + 0xc) < _t292) {
                                                                                                                                                                    						_t231 =  *(_t297 + 8);
                                                                                                                                                                    						 *(_t297 + 0xc) = _t292;
                                                                                                                                                                    						__eflags =  *(_t231 + 0x10);
                                                                                                                                                                    						if( *(_t231 + 0x10) <= 0) {
                                                                                                                                                                    							L18:
                                                                                                                                                                    							__eflags =  *(_t297 + 0x10);
                                                                                                                                                                    							if( *(_t297 + 0x10) != 0) {
                                                                                                                                                                    								L22:
                                                                                                                                                                    								_t292 = 0;
                                                                                                                                                                    								__eflags = 0;
                                                                                                                                                                    								L23:
                                                                                                                                                                    								__eflags =  *((intOrPtr*)(_t297 - 0x60)) - _t292;
                                                                                                                                                                    								 *(_t297 + 0xc) = _t292;
                                                                                                                                                                    								if( *((intOrPtr*)(_t297 - 0x60)) <= _t292) {
                                                                                                                                                                    									L37:
                                                                                                                                                                    									_t293 = 1;
                                                                                                                                                                    									L38:
                                                                                                                                                                    									 *(_t297 - 4) = 1;
                                                                                                                                                                    									E00404320(_t297 - 0x68);
                                                                                                                                                                    									E00403A63( *(_t297 - 0x20));
                                                                                                                                                                    									E00403A63( *((intOrPtr*)(_t297 - 0x2c)));
                                                                                                                                                                    									_t162 = _t293;
                                                                                                                                                                    									L39:
                                                                                                                                                                    									 *[fs:0x0] =  *((intOrPtr*)(_t297 - 0xc));
                                                                                                                                                                    									return _t162;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									goto L24;
                                                                                                                                                                    								}
                                                                                                                                                                    								do {
                                                                                                                                                                    									L24:
                                                                                                                                                                    									_t163 =  *(_t297 + 0x10);
                                                                                                                                                                    									__eflags = _t163 - _t292;
                                                                                                                                                                    									if(_t163 == _t292) {
                                                                                                                                                                    										L26:
                                                                                                                                                                    										 *(_t297 + 8) = _t292;
                                                                                                                                                                    										 *(_t297 - 4) = 4;
                                                                                                                                                                    										_t165 =  *( *((intOrPtr*)(_t297 - 0x5c)) +  *(_t297 + 0xc) * 4);
                                                                                                                                                                    										 *(_t289 + 0x1c) = _t165;
                                                                                                                                                                    										E004062E7(_t297 + 8,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t231 + 0x14)) + _t165 * 4)) + 4))());
                                                                                                                                                                    										_t169 =  *(_t297 + 8);
                                                                                                                                                                    										__eflags = _t169 - _t292;
                                                                                                                                                                    										if(_t169 != _t292) {
                                                                                                                                                                    											__eflags =  *(_t297 + 0x10) - _t292;
                                                                                                                                                                    											if( *(_t297 + 0x10) == _t292) {
                                                                                                                                                                    												 *(_t297 - 0x14) = _t292;
                                                                                                                                                                    												 *(_t297 - 4) = 5;
                                                                                                                                                                    												 *((intOrPtr*)( *_t169))(_t169, 0x41b200, _t297 - 0x14);
                                                                                                                                                                    												_t171 =  *(_t297 - 0x14);
                                                                                                                                                                    												__eflags = _t171 - _t292;
                                                                                                                                                                    												if(_t171 == _t292) {
                                                                                                                                                                    													_t172 =  *(_t297 + 8);
                                                                                                                                                                    													 *(_t297 - 4) = 3;
                                                                                                                                                                    													__eflags = _t172 - _t292;
                                                                                                                                                                    													if(_t172 != _t292) {
                                                                                                                                                                    														 *((intOrPtr*)( *_t172 + 8))(_t172);
                                                                                                                                                                    													}
                                                                                                                                                                    													 *(_t297 - 4) = 1;
                                                                                                                                                                    													E00404320(_t297 - 0x68);
                                                                                                                                                                    													E00403A63( *(_t297 - 0x20));
                                                                                                                                                                    													E00403A63( *((intOrPtr*)(_t297 - 0x2c)));
                                                                                                                                                                    													_t162 = 0x80004001;
                                                                                                                                                                    													goto L39;
                                                                                                                                                                    												}
                                                                                                                                                                    												 *((intOrPtr*)(_t297 - 0x10)) =  *((intOrPtr*)( *_t171 + 0xc))(_t171,  *((intOrPtr*)(_t297 + 0x14)));
                                                                                                                                                                    												_t178 =  *(_t297 - 0x14);
                                                                                                                                                                    												__eflags = _t178 - _t292;
                                                                                                                                                                    												 *(_t297 - 4) = 4;
                                                                                                                                                                    												if(_t178 != _t292) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t178 + 8))(_t178);
                                                                                                                                                                    												}
                                                                                                                                                                    												L33:
                                                                                                                                                                    												__eflags =  *((intOrPtr*)(_t297 - 0x10)) - 1;
                                                                                                                                                                    												if( *((intOrPtr*)(_t297 - 0x10)) != 1) {
                                                                                                                                                                    													__eflags =  *((intOrPtr*)(_t297 - 0x10)) - _t292;
                                                                                                                                                                    													if( *((intOrPtr*)(_t297 - 0x10)) == _t292) {
                                                                                                                                                                    														 *(_t297 - 0x54) = _t292;
                                                                                                                                                                    														 *(_t297 - 0x52) = _t292;
                                                                                                                                                                    														_t179 =  *(_t297 + 8);
                                                                                                                                                                    														 *(_t297 - 4) = 6;
                                                                                                                                                                    														 *((intOrPtr*)( *_t179 + 0x20))(_t179, 0x37, _t297 - 0x54);
                                                                                                                                                                    														__eflags =  *(_t297 - 0x54) - _t292;
                                                                                                                                                                    														if( *(_t297 - 0x54) != _t292) {
                                                                                                                                                                    															__eflags =  *(_t297 - 0x54) - 8;
                                                                                                                                                                    															_t201 =  *(_t297 - 0x4c);
                                                                                                                                                                    															if( *(_t297 - 0x54) != 8) {
                                                                                                                                                                    																_t201 = L"Unknown error";
                                                                                                                                                                    															}
                                                                                                                                                                    															E00401D50(_t289 + 0x30, _t201);
                                                                                                                                                                    														}
                                                                                                                                                                    														 *(_t297 - 4) = 4;
                                                                                                                                                                    														E00405CD6(_t297 - 0x54);
                                                                                                                                                                    														E004062E7(_t289,  *(_t297 + 8));
                                                                                                                                                                    														_t295 =  *((intOrPtr*)( *((intOrPtr*)(_t231 + 0x14)) +  *(_t289 + 0x1c) * 4));
                                                                                                                                                                    														__eflags =  *(_t295 + 0x20);
                                                                                                                                                                    														if( *(_t295 + 0x20) != 0) {
                                                                                                                                                                    															_t185 = E00407D59(_t295, _t297 - 0x20);
                                                                                                                                                                    															__eflags = _t185;
                                                                                                                                                                    															if(_t185 < 0) {
                                                                                                                                                                    																_t185 = 0;
                                                                                                                                                                    																__eflags = 0;
                                                                                                                                                                    															}
                                                                                                                                                                    															_t257 =  *((intOrPtr*)(_t295 + 0x24));
                                                                                                                                                                    															_t143 =  *((intOrPtr*)(_t257 + _t185 * 4)) + 0xc; // 0xc
                                                                                                                                                                    															_push( *((intOrPtr*)(_t257 + _t185 * 4)));
                                                                                                                                                                    															_t187 = E00407BD5(_t297 - 0x50, _t297 - 0x2c);
                                                                                                                                                                    															 *(_t297 - 4) = 0xa;
                                                                                                                                                                    															E00401DAF(_t289 + 0x10, _t187);
                                                                                                                                                                    															E00403A63( *((intOrPtr*)(_t297 - 0x50)));
                                                                                                                                                                    														} else {
                                                                                                                                                                    															E00401CB5(_t297 - 0x44, 0x423358);
                                                                                                                                                                    															 *(_t297 - 4) = 7;
                                                                                                                                                                    															E00401CB5(_t297 - 0x38, 0x423358);
                                                                                                                                                                    															_push(_t297 - 0x44);
                                                                                                                                                                    															_push(_t297 - 0x38);
                                                                                                                                                                    															 *(_t297 - 4) = 8;
                                                                                                                                                                    															_t196 = E00407BD5(_t297 - 0x50, _t297 - 0x2c);
                                                                                                                                                                    															 *(_t297 - 4) = 9;
                                                                                                                                                                    															E00401DAF(_t289 + 0x10, _t196);
                                                                                                                                                                    															E00403A63( *((intOrPtr*)(_t297 - 0x50)));
                                                                                                                                                                    															E00403A63( *((intOrPtr*)(_t297 - 0x38)));
                                                                                                                                                                    															E00403A63( *((intOrPtr*)(_t297 - 0x44)));
                                                                                                                                                                    														}
                                                                                                                                                                    														_t190 =  *(_t297 + 8);
                                                                                                                                                                    														 *(_t297 - 4) = 3;
                                                                                                                                                                    														__eflags = _t190;
                                                                                                                                                                    														if(_t190 != 0) {
                                                                                                                                                                    															 *((intOrPtr*)( *_t190 + 8))(_t190);
                                                                                                                                                                    														}
                                                                                                                                                                    														_t293 = 0;
                                                                                                                                                                    													} else {
                                                                                                                                                                    														_t203 =  *(_t297 + 8);
                                                                                                                                                                    														 *(_t297 - 4) = 3;
                                                                                                                                                                    														__eflags = _t203 - _t292;
                                                                                                                                                                    														if(_t203 != _t292) {
                                                                                                                                                                    															 *((intOrPtr*)( *_t203 + 8))(_t203);
                                                                                                                                                                    														}
                                                                                                                                                                    														_t293 =  *((intOrPtr*)(_t297 - 0x10));
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L38;
                                                                                                                                                                    												}
                                                                                                                                                                    												_t205 =  *(_t297 + 8);
                                                                                                                                                                    												 *(_t297 - 4) = 3;
                                                                                                                                                                    												__eflags = _t205 - _t292;
                                                                                                                                                                    												if(_t205 != _t292) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t205 + 8))(_t205);
                                                                                                                                                                    												}
                                                                                                                                                                    												goto L36;
                                                                                                                                                                    											}
                                                                                                                                                                    											 *((intOrPtr*)(_t297 - 0x10)) =  *((intOrPtr*)( *_t169 + 0xc))(_t169,  *(_t297 + 0x10), 0x41b600,  *((intOrPtr*)(_t297 + 0x18)));
                                                                                                                                                                    											goto L33;
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t297 - 4) = 3;
                                                                                                                                                                    										goto L36;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t210 =  *((intOrPtr*)( *_t163 + 0x10))(_t163, _t292, _t292, _t292, _t292);
                                                                                                                                                                    									__eflags = _t210 - _t292;
                                                                                                                                                                    									if(_t210 != _t292) {
                                                                                                                                                                    										_t293 = _t210;
                                                                                                                                                                    										goto L38;
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L26;
                                                                                                                                                                    									L36:
                                                                                                                                                                    									 *(_t297 + 0xc) =  *(_t297 + 0xc) + 1;
                                                                                                                                                                    									__eflags =  *(_t297 + 0xc) -  *((intOrPtr*)(_t297 - 0x60));
                                                                                                                                                                    								} while ( *(_t297 + 0xc) <  *((intOrPtr*)(_t297 - 0x60)));
                                                                                                                                                                    								goto L37;
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags =  *(_t297 + 0xc) - 1;
                                                                                                                                                                    							if( *(_t297 + 0xc) == 1) {
                                                                                                                                                                    								E0040435E(_t297 - 0x68, 1);
                                                                                                                                                                    								goto L22;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t293 = 0x80004001;
                                                                                                                                                                    							goto L38;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L14;
                                                                                                                                                                    						}
                                                                                                                                                                    						do {
                                                                                                                                                                    							L14:
                                                                                                                                                                    							__eflags = E00407D59( *((intOrPtr*)( *((intOrPtr*)(_t231 + 0x14)) + _t292 * 4)), _t297 - 0x20);
                                                                                                                                                                    							if(__eflags < 0) {
                                                                                                                                                                    								E0040A528(_t297 - 0x68, _t292);
                                                                                                                                                                    							} else {
                                                                                                                                                                    								 *(_t297 + 0xc) =  *(_t297 + 0xc) + 1;
                                                                                                                                                                    								E0040447A(_t297 - 0x68, __eflags,  *(_t297 + 0xc));
                                                                                                                                                                    								 *(( *(_t297 + 0xc) << 2) +  *((intOrPtr*)(_t297 - 0x5c))) = _t292;
                                                                                                                                                                    								_t231 =  *(_t297 + 8);
                                                                                                                                                                    							}
                                                                                                                                                                    							_t292 = _t292 + 1;
                                                                                                                                                                    							__eflags = _t292 -  *(_t231 + 0x10);
                                                                                                                                                                    						} while (_t292 <  *(_t231 + 0x10));
                                                                                                                                                                    						goto L18;
                                                                                                                                                                    					}
                                                                                                                                                                    					E0040A528(_t297 - 0x68,  *(_t297 + 0xc));
                                                                                                                                                                    					_t231 =  *(_t297 + 8);
                                                                                                                                                                    					goto L23;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t278 =  *((intOrPtr*)(_t297 - 0x2c));
                                                                                                                                                                    					_t220 = _t278 + _t157 * 2 - 2;
                                                                                                                                                                    					while( *_t220 != 0x2e) {
                                                                                                                                                                    						if(_t220 == _t278) {
                                                                                                                                                                    							_t222 = _t220 | 0xffffffff;
                                                                                                                                                                    							__eflags = _t222;
                                                                                                                                                                    							L9:
                                                                                                                                                                    							__eflags = _t222 - _t292;
                                                                                                                                                                    							if(_t222 >= _t292) {
                                                                                                                                                                    								__eflags = _t222 + 1;
                                                                                                                                                                    								_t225 = E00401E4E(_t297 - 0x2c, _t297 - 0x44, _t222 + 1);
                                                                                                                                                                    								 *(_t297 - 4) = 2;
                                                                                                                                                                    								E00401DAF(_t297 - 0x20, _t225);
                                                                                                                                                                    								 *(_t297 - 4) = 1;
                                                                                                                                                                    								E00403A63( *((intOrPtr*)(_t297 - 0x44)));
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L11;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t220 = _t220;
                                                                                                                                                                    							continue;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					_t222 = _t220 - _t278 >> 1;
                                                                                                                                                                    					goto L9;
                                                                                                                                                                    				}
                                                                                                                                                                    			}
































                                                                                                                                                                    0x00408557
                                                                                                                                                                    0x00408566
                                                                                                                                                                    0x0040856a
                                                                                                                                                                    0x0040856c
                                                                                                                                                                    0x0040856f
                                                                                                                                                                    0x00408571
                                                                                                                                                                    0x004085f2
                                                                                                                                                                    0x004085f5
                                                                                                                                                                    0x004085f9
                                                                                                                                                                    0x004085fb
                                                                                                                                                                    0x00408600
                                                                                                                                                                    0x00408600
                                                                                                                                                                    0x00408606
                                                                                                                                                                    0x0040860a
                                                                                                                                                                    0x00408612
                                                                                                                                                                    0x0040861a
                                                                                                                                                                    0x00408620
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408625
                                                                                                                                                                    0x0040857c
                                                                                                                                                                    0x0040857f
                                                                                                                                                                    0x00408582
                                                                                                                                                                    0x00408584
                                                                                                                                                                    0x00408588
                                                                                                                                                                    0x0040858d
                                                                                                                                                                    0x0040858d
                                                                                                                                                                    0x00408590
                                                                                                                                                                    0x00408590
                                                                                                                                                                    0x00408594
                                                                                                                                                                    0x00408628
                                                                                                                                                                    0x0040862b
                                                                                                                                                                    0x00408646
                                                                                                                                                                    0x0040864a
                                                                                                                                                                    0x0040864e
                                                                                                                                                                    0x0040865a
                                                                                                                                                                    0x0040865e
                                                                                                                                                                    0x00408661
                                                                                                                                                                    0x00408665
                                                                                                                                                                    0x00408667
                                                                                                                                                                    0x0040866c
                                                                                                                                                                    0x0040866f
                                                                                                                                                                    0x00408671
                                                                                                                                                                    0x00408671
                                                                                                                                                                    0x0040867a
                                                                                                                                                                    0x0040867a
                                                                                                                                                                    0x00408682
                                                                                                                                                                    0x00408686
                                                                                                                                                                    0x00408690
                                                                                                                                                                    0x0040869b
                                                                                                                                                                    0x0040869e
                                                                                                                                                                    0x004086a2
                                                                                                                                                                    0x00408706
                                                                                                                                                                    0x0040870b
                                                                                                                                                                    0x0040870d
                                                                                                                                                                    0x0040870f
                                                                                                                                                                    0x0040870f
                                                                                                                                                                    0x0040870f
                                                                                                                                                                    0x00408711
                                                                                                                                                                    0x0040871a
                                                                                                                                                                    0x0040871e
                                                                                                                                                                    0x00408722
                                                                                                                                                                    0x0040872b
                                                                                                                                                                    0x0040872f
                                                                                                                                                                    0x00408737
                                                                                                                                                                    0x004086a4
                                                                                                                                                                    0x004086ad
                                                                                                                                                                    0x004086b6
                                                                                                                                                                    0x004086ba
                                                                                                                                                                    0x004086c5
                                                                                                                                                                    0x004086c9
                                                                                                                                                                    0x004086cd
                                                                                                                                                                    0x004086d1
                                                                                                                                                                    0x004086da
                                                                                                                                                                    0x004086de
                                                                                                                                                                    0x004086e6
                                                                                                                                                                    0x004086ee
                                                                                                                                                                    0x004086f6
                                                                                                                                                                    0x004086fb
                                                                                                                                                                    0x0040873d
                                                                                                                                                                    0x00408740
                                                                                                                                                                    0x00408744
                                                                                                                                                                    0x00408746
                                                                                                                                                                    0x0040874b
                                                                                                                                                                    0x0040874b
                                                                                                                                                                    0x0040874e
                                                                                                                                                                    0x0040862d
                                                                                                                                                                    0x0040862d
                                                                                                                                                                    0x00408630
                                                                                                                                                                    0x00408634
                                                                                                                                                                    0x00408636
                                                                                                                                                                    0x0040863b
                                                                                                                                                                    0x0040863b
                                                                                                                                                                    0x0040863e
                                                                                                                                                                    0x0040863e
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040862b
                                                                                                                                                                    0x0040859a
                                                                                                                                                                    0x0040859d
                                                                                                                                                                    0x004085a1
                                                                                                                                                                    0x004085a3
                                                                                                                                                                    0x004085a8
                                                                                                                                                                    0x004085a8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004085a3
                                                                                                                                                                    0x00408552
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408552
                                                                                                                                                                    0x00408536
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408536
                                                                                                                                                                    0x004084ff
                                                                                                                                                                    0x00408502
                                                                                                                                                                    0x00408504
                                                                                                                                                                    0x004085ee
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004085ee
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004085ab
                                                                                                                                                                    0x004085ab
                                                                                                                                                                    0x004085b1
                                                                                                                                                                    0x004085b1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004084f1
                                                                                                                                                                    0x004084c9
                                                                                                                                                                    0x004084cd
                                                                                                                                                                    0x004084de
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004084de
                                                                                                                                                                    0x004084cf
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408482
                                                                                                                                                                    0x00408482
                                                                                                                                                                    0x00408491
                                                                                                                                                                    0x00408493
                                                                                                                                                                    0x004084b8
                                                                                                                                                                    0x00408495
                                                                                                                                                                    0x004084a1
                                                                                                                                                                    0x004084a4
                                                                                                                                                                    0x004084ac
                                                                                                                                                                    0x004084af
                                                                                                                                                                    0x004084af
                                                                                                                                                                    0x004084bd
                                                                                                                                                                    0x004084be
                                                                                                                                                                    0x004084be
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408482
                                                                                                                                                                    0x0040846c
                                                                                                                                                                    0x00408471
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408402
                                                                                                                                                                    0x00408402
                                                                                                                                                                    0x00408405
                                                                                                                                                                    0x00408409
                                                                                                                                                                    0x00408411
                                                                                                                                                                    0x0040841d
                                                                                                                                                                    0x0040841d

                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID: Unknown error$X3B
                                                                                                                                                                    • API String ID: 3519838083-1496835351
                                                                                                                                                                    • Opcode ID: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
                                                                                                                                                                    • Instruction ID: 10ffca09dccd2053a4a89f972bfe6bbc607f2b880b0d523777cfa28ffc571443
                                                                                                                                                                    • Opcode Fuzzy Hash: 47f253f86f2cbe6f5ea7b7729e7e95f0c02779c145a6591478a86d185b5344b5
                                                                                                                                                                    • Instruction Fuzzy Hash: 89D16070900219EFCF05DFA4C984ADEBB74BF48304F14846EE846BB2D1DB78AA45CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    control_flow_graph 927 405620-40564a call 413724 call 405434 932 405653-40565f GetLastError 927->932 933 40564c-40564e 927->933 935 405661-405664 932->935 936 40566a-405672 932->936 934 405794-40579c call 405414 933->934 942 40579e-4057ac 934->942 935->936 937 405792 935->937 936->937 939 405678 936->939 937->934 941 40567a-405681 939->941 941->941 943 405683-405686 941->943 943->937 944 40568c-405692 943->944 944->937 945 405698-40569c 944->945 945->937 946 4056a2-4056ae call 403a6e 945->946 946->937 949 4056b4-4056d9 call 403a6e call 401cb5 946->949 954 4056e7-4056f6 call 401cb5 949->954 955 4056db-4056e1 949->955 961 405705-405720 call 401ded call 405434 954->961 962 4056f8-405700 call 401ded 954->962 955->954 956 405789-405791 call 403a63 955->956 956->937 968 405722-405734 call 403b11 961->968 969 405777-405788 SetLastError call 403a63 961->969 962->961 968->969 974 405736-405775 call 40222b call 401daf call 403a63 * 3 call 405414 968->974 969->956 974->942
                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                    			E00405620(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t40;
                                                                                                                                                                    				long _t41;
                                                                                                                                                                    				signed int _t43;
                                                                                                                                                                    				short* _t44;
                                                                                                                                                                    				short _t51;
                                                                                                                                                                    				short _t54;
                                                                                                                                                                    				void* _t56;
                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                    				short _t72;
                                                                                                                                                                    				void* _t88;
                                                                                                                                                                    				short* _t92;
                                                                                                                                                                    				intOrPtr _t94;
                                                                                                                                                                    				void* _t95;
                                                                                                                                                                    				short _t97;
                                                                                                                                                                    				intOrPtr _t100;
                                                                                                                                                                    				void* _t101;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E004194E8, _t101);
                                                                                                                                                                    				 *(_t101 - 0x10) =  *(_t101 - 0x10) | 0xffffffff;
                                                                                                                                                                    				 *((intOrPtr*)(_t101 - 0x14)) = __ecx;
                                                                                                                                                                    				_t92 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                                                                    				 *(_t101 - 4) =  *(_t101 - 4) & 0x00000000;
                                                                                                                                                                    				_t40 = E00405434(_t101 - 0x10, __eflags, _t92, __ecx); // executed
                                                                                                                                                                    				if(_t40 == 0) {
                                                                                                                                                                    					_t41 = GetLastError();
                                                                                                                                                                    					__eflags = _t41 - 0x35;
                                                                                                                                                                    					 *(_t101 - 0x18) = _t41;
                                                                                                                                                                    					if(_t41 == 0x35) {
                                                                                                                                                                    						L4:
                                                                                                                                                                    						_t72 =  *_t92;
                                                                                                                                                                    						_t97 = 0;
                                                                                                                                                                    						__eflags = _t72;
                                                                                                                                                                    						if(_t72 == 0) {
                                                                                                                                                                    							goto L20;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t44 = _t92;
                                                                                                                                                                    							do {
                                                                                                                                                                    								_t97 = _t97 + 1;
                                                                                                                                                                    								_t44 = _t44 + 2;
                                                                                                                                                                    								__eflags =  *_t44;
                                                                                                                                                                    							} while ( *_t44 != 0);
                                                                                                                                                                    							__eflags = _t97 - 2;
                                                                                                                                                                    							if(_t97 <= 2) {
                                                                                                                                                                    								goto L20;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t88 = 0x5c;
                                                                                                                                                                    								__eflags = _t72 - _t88;
                                                                                                                                                                    								if(_t72 != _t88) {
                                                                                                                                                                    									goto L20;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									__eflags =  *((intOrPtr*)(_t92 + 2)) - _t88;
                                                                                                                                                                    									if( *((intOrPtr*)(_t92 + 2)) != _t88) {
                                                                                                                                                                    										goto L20;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t68 = E00403A6E(_t92 + 4, _t88);
                                                                                                                                                                    										__eflags = _t68;
                                                                                                                                                                    										if(_t68 < 0) {
                                                                                                                                                                    											goto L20;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											_t69 = _t68 + 3;
                                                                                                                                                                    											 *((intOrPtr*)(_t101 + 8)) = _t97 - _t69;
                                                                                                                                                                    											_t100 = E00403A6E(_t92 + _t69 * 2, 0x5c);
                                                                                                                                                                    											E00401CB5(_t101 - 0x30, _t92);
                                                                                                                                                                    											__eflags = _t100;
                                                                                                                                                                    											 *(_t101 - 4) = 1;
                                                                                                                                                                    											if(_t100 < 0) {
                                                                                                                                                                    												L13:
                                                                                                                                                                    												E00401CB5(_t101 - 0x24, _t92);
                                                                                                                                                                    												__eflags = _t100;
                                                                                                                                                                    												 *(_t101 - 4) = 2;
                                                                                                                                                                    												if(_t100 < 0) {
                                                                                                                                                                    													_t100 =  *((intOrPtr*)(_t101 + 8));
                                                                                                                                                                    													E00401DED(_t101 - 0x24, 0x5c);
                                                                                                                                                                    												}
                                                                                                                                                                    												E00401DED(_t101 - 0x24, 0x2a);
                                                                                                                                                                    												_t94 =  *((intOrPtr*)(_t101 - 0x14));
                                                                                                                                                                    												_t51 = E00405434(_t101 - 0x10, __eflags,  *((intOrPtr*)(_t101 - 0x24)), _t94);
                                                                                                                                                                    												__eflags = _t51;
                                                                                                                                                                    												if(_t51 == 0) {
                                                                                                                                                                    													L18:
                                                                                                                                                                    													SetLastError( *(_t101 - 0x18));
                                                                                                                                                                    													E00403A63( *((intOrPtr*)(_t101 - 0x24)));
                                                                                                                                                                    													goto L19;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													_t95 = _t94 + 0x28;
                                                                                                                                                                    													_t54 = E00403B11( *((intOrPtr*)(_t94 + 0x28)), 0x42045c);
                                                                                                                                                                    													__eflags = _t54;
                                                                                                                                                                    													if(_t54 != 0) {
                                                                                                                                                                    														goto L18;
                                                                                                                                                                    													} else {
                                                                                                                                                                    														_push(_t100);
                                                                                                                                                                    														_push(_t69);
                                                                                                                                                                    														_push(_t101 - 0x3c);
                                                                                                                                                                    														_t56 = E0040222B(_t101 - 0x24);
                                                                                                                                                                    														 *(_t101 - 4) = 3;
                                                                                                                                                                    														E00401DAF(_t95, _t56);
                                                                                                                                                                    														E00403A63( *((intOrPtr*)(_t101 - 0x3c)));
                                                                                                                                                                    														E00403A63( *((intOrPtr*)(_t101 - 0x24)));
                                                                                                                                                                    														E00403A63( *((intOrPtr*)(_t101 - 0x30)));
                                                                                                                                                                    														E00405414(_t101 - 0x10);
                                                                                                                                                                    														_t43 = 1;
                                                                                                                                                                    													}
                                                                                                                                                                    												}
                                                                                                                                                                    											} else {
                                                                                                                                                                    												__eflags = _t100 -  *((intOrPtr*)(_t101 + 8)) - 1;
                                                                                                                                                                    												if(_t100 !=  *((intOrPtr*)(_t101 + 8)) - 1) {
                                                                                                                                                                    													L19:
                                                                                                                                                                    													E00403A63( *((intOrPtr*)(_t101 - 0x30)));
                                                                                                                                                                    													goto L20;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													goto L13;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						__eflags = _t41 - 2;
                                                                                                                                                                    						if(_t41 != 2) {
                                                                                                                                                                    							L20:
                                                                                                                                                                    							_t66 = 0;
                                                                                                                                                                    							__eflags = 0;
                                                                                                                                                                    							goto L21;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L4;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t66 = 1;
                                                                                                                                                                    					L21:
                                                                                                                                                                    					E00405414(_t101 - 0x10);
                                                                                                                                                                    					_t43 = _t66;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t101 - 0xc));
                                                                                                                                                                    				return _t43;
                                                                                                                                                                    			}






















                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                      • Part of subcall function 00405434: FindFirstFileA.KERNEL32(?,?,000000FF), ref: 00405467
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000,?,00000001), ref: 00405653
                                                                                                                                                                      • Part of subcall function 00405414: FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseErrorFileFirstH_prologLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 364955512-0
                                                                                                                                                                    • Opcode ID: e39f0d4d85096f3cd882782c1d04852b930387ce9b142e76bb949cb0f7f9728b
                                                                                                                                                                    • Instruction ID: 04b13d9487752735ca5a27f2fc382c225ef0a6c39b2ce108fc8834fd1c85259b
                                                                                                                                                                    • Opcode Fuzzy Hash: e39f0d4d85096f3cd882782c1d04852b930387ce9b142e76bb949cb0f7f9728b
                                                                                                                                                                    • Instruction Fuzzy Hash: F0418E36900519AACF14FBA5D942AEFBB75EF14308F10403AE412772E1DB795E41DEA8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004060E5(long __ecx) {
                                                                                                                                                                    				CHAR* _t26;
                                                                                                                                                                    				int _t27;
                                                                                                                                                                    				int _t29;
                                                                                                                                                                    				void* _t31;
                                                                                                                                                                    				void* _t52;
                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419584, _t52);
                                                                                                                                                                    				_t57 =  *0x423168; // 0x1
                                                                                                                                                                    				_t49 = __ecx;
                                                                                                                                                                    				if(_t57 == 0) {
                                                                                                                                                                    					 *(_t52 - 0x18) = 0;
                                                                                                                                                                    					 *((intOrPtr*)(_t52 - 0x14)) = 0;
                                                                                                                                                                    					 *((intOrPtr*)(_t52 - 0x10)) = 0;
                                                                                                                                                                    					E0040245B(_t52 - 0x18, 3);
                                                                                                                                                                    					_t26 =  *(_t52 + 8);
                                                                                                                                                                    					 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                                                                    					if((_t26 & 0xffff0000) != 0) {
                                                                                                                                                                    						E00401CB5(_t52 - 0x24, _t26);
                                                                                                                                                                    						 *((char*)(_t52 - 4)) = 1;
                                                                                                                                                                    						_t31 = E00401A66();
                                                                                                                                                                    						 *((char*)(_t52 - 4)) = 2;
                                                                                                                                                                    						E00405F5D(_t52 - 0x18, _t31);
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t52 - 0x30)));
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t52 - 0x24)));
                                                                                                                                                                    						_t26 =  *(_t52 - 0x18);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t27 = DialogBoxParamA( *0x423164, _t26,  *(_t52 + 0xc), E0040606B, _t49);
                                                                                                                                                                    					E00403A63( *(_t52 - 0x18));
                                                                                                                                                                    					_t29 = _t27;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t29 = DialogBoxParamW( *0x423164,  *(_t52 + 8),  *(_t52 + 0xc), E0040606B, __ecx); // executed
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
                                                                                                                                                                    				return _t29;
                                                                                                                                                                    			}









                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DialogParam$H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2739952857-0
                                                                                                                                                                    • Opcode ID: 191137edc6d920c8208621a5736751153619fee05b7e1ffbcf34819dcd84d79d
                                                                                                                                                                    • Instruction ID: 2808b249a3055eceb7387f846a77b80eb730dba42929eb80a2947979fd3f5042
                                                                                                                                                                    • Opcode Fuzzy Hash: 191137edc6d920c8208621a5736751153619fee05b7e1ffbcf34819dcd84d79d
                                                                                                                                                                    • Instruction Fuzzy Hash: 21116075900205ABCB11EFA9DD969EEBF74EF04315F10403AF506B22E1CB794B50CB98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1009 405eeb-405f05 call 413724 1012 405f16-405f4e call 401cb5 call 403d8e SetWindowTextA call 403a63 * 2 1009->1012 1013 405f07-405f14 SetWindowTextW 1009->1013 1014 405f4f-405f5c 1012->1014 1013->1014
                                                                                                                                                                    C-Code - Quality: 52%
                                                                                                                                                                    			E00405EEB(struct HWND__* __ecx, void* __edx) {
                                                                                                                                                                    				int _t14;
                                                                                                                                                                    				signed int _t17;
                                                                                                                                                                    				signed int _t18;
                                                                                                                                                                    				void* _t35;
                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419554, _t35);
                                                                                                                                                                    				_t40 =  *0x423168; // 0x1
                                                                                                                                                                    				if(_t40 == 0) {
                                                                                                                                                                    					E00401CB5(_t35 - 0x18);
                                                                                                                                                                    					 *((intOrPtr*)(_t35 - 4)) = 0;
                                                                                                                                                                    					_t14 = SetWindowTextA(__ecx,  *(E00403D8E(_t35 - 0x24)));
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t35 - 0x24)));
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t35 - 0x18)));
                                                                                                                                                                    					_t17 = 0 | _t14 != 0x00000000;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t18 = SetWindowTextW(__ecx, ??); // executed
                                                                                                                                                                    					asm("sbb eax, eax");
                                                                                                                                                                    					_t17 =  ~( ~_t18);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
                                                                                                                                                                    				return _t17;
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: TextWindow$H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3018873321-0
                                                                                                                                                                    • Opcode ID: 8010a1b88299061ceb0c30b4647cb070b8812e1cdbca230e313dc76ba08b9a07
                                                                                                                                                                    • Instruction ID: a2eb8e2a8f64e5268eba20175de676c266ad93bd8d3b9a0bc9cc9e41b17c7c14
                                                                                                                                                                    • Opcode Fuzzy Hash: 8010a1b88299061ceb0c30b4647cb070b8812e1cdbca230e313dc76ba08b9a07
                                                                                                                                                                    • Instruction Fuzzy Hash: 01F08171A44016ABCB01EFB9D9919EEBB78EF04305B10417EE402B21E2DB394B45DE98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1023 406f68-406f9c call 413724 EnterCriticalSection call 40647d 1027 406f9e-406fac call 4063d0 1023->1027 1028 406faf-406fc7 LeaveCriticalSection 1023->1028 1027->1028
                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00406F68(intOrPtr* __ecx) {
                                                                                                                                                                    				intOrPtr* _t15;
                                                                                                                                                                    				void* _t16;
                                                                                                                                                                    				void* _t22;
                                                                                                                                                                    				struct _CRITICAL_SECTION* _t23;
                                                                                                                                                                    				void* _t25;
                                                                                                                                                                    				intOrPtr* _t26;
                                                                                                                                                                    				intOrPtr* _t29;
                                                                                                                                                                    				void* _t30;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419650, _t30);
                                                                                                                                                                    				_t26 = __ecx;
                                                                                                                                                                    				_t23 = __ecx + 4;
                                                                                                                                                                    				 *(_t30 - 0x10) = _t23;
                                                                                                                                                                    				EnterCriticalSection(_t23);
                                                                                                                                                                    				_t15 =  *_t26;
                                                                                                                                                                    				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                                                                                                                                                    				_t16 =  *((intOrPtr*)( *_t15 + 0x10))(_t15,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), 0, 0, _t22, _t25, __ecx);
                                                                                                                                                                    				if(_t16 == 0) {
                                                                                                                                                                    					_t29 =  *_t26;
                                                                                                                                                                    					_t16 =  *((intOrPtr*)( *_t29 + 0xc))(_t29,  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)),  *((intOrPtr*)(_t30 + 0x18)));
                                                                                                                                                                    				}
                                                                                                                                                                    				LeaveCriticalSection(_t23);
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
                                                                                                                                                                    				return _t16;
                                                                                                                                                                    			}












                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00406F6D
                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000,?,?,?,00406FF7,?,?,?,?,?), ref: 00406F7E
                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,?,?,?,00406FF7,?,?,?,?,?), ref: 00406FB2
Memory Dump Source
• Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
• Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 367238759-0
                                                                                                                                                                    • Opcode ID: 07f6c1fd103800f188fec5f91ab3bb47b81eb91ba650842d040f77beb3819d41
                                                                                                                                                                    • Instruction ID: 97c3a8bfcec3db19a0bb52fb413a425f8ec3aea0187b5ae5e4fa4e2c7e55e4ea
                                                                                                                                                                    • Opcode Fuzzy Hash: 07f6c1fd103800f188fec5f91ab3bb47b81eb91ba650842d040f77beb3819d41
                                                                                                                                                                    • Instruction Fuzzy Hash: 4C013C76A00214EFCB118F94DC08B9ABBB9FF48755F11886AFD16E7250C7B4A910DFA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                    			E0040280E() {
                                                                                                                                                                    				intOrPtr* _t185;
                                                                                                                                                                    				intOrPtr* _t186;
                                                                                                                                                                    				signed int _t187;
                                                                                                                                                                    				signed int _t195;
                                                                                                                                                                    				intOrPtr* _t196;
                                                                                                                                                                    				signed int _t197;
                                                                                                                                                                    				intOrPtr _t198;
                                                                                                                                                                    				intOrPtr* _t199;
                                                                                                                                                                    				intOrPtr* _t204;
                                                                                                                                                                    				intOrPtr* _t207;
                                                                                                                                                                    				signed int _t208;
                                                                                                                                                                    				signed int _t209;
                                                                                                                                                                    				FILETIME* _t217;
                                                                                                                                                                    				signed int _t226;
                                                                                                                                                                    				signed int _t227;
                                                                                                                                                                    				FILETIME* _t228;
                                                                                                                                                                    				FILETIME* _t244;
                                                                                                                                                                    				signed int _t270;
                                                                                                                                                                    				intOrPtr _t289;
                                                                                                                                                                    				WCHAR* _t315;
                                                                                                                                                                    				signed int _t338;
                                                                                                                                                                    				signed int _t340;
                                                                                                                                                                    				signed int _t342;
                                                                                                                                                                    				intOrPtr _t344;
                                                                                                                                                                    				intOrPtr* _t346;
                                                                                                                                                                    				signed int _t347;
                                                                                                                                                                    				void* _t348;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00418FEB, _t348);
                                                                                                                                                                    				_t344 =  *((intOrPtr*)(_t348 + 8));
                                                                                                                                                                    				if(E00402D81(_t344 + 0xa8) == 0) {
                                                                                                                                                                    					_t185 =  *((intOrPtr*)(_t344 + 0x4c));
                                                                                                                                                                    					_t270 = 0;
                                                                                                                                                                    					__eflags = _t185;
                                                                                                                                                                    					if(_t185 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t185 + 8))(_t185);
                                                                                                                                                                    						 *((intOrPtr*)(_t344 + 0x4c)) = 0;
                                                                                                                                                                    					}
                                                                                                                                                                    					 *(_t348 - 0x58) = _t270;
                                                                                                                                                                    					 *(_t348 - 0x56) = _t270;
                                                                                                                                                                    					_t186 =  *((intOrPtr*)(_t344 + 0xc));
                                                                                                                                                                    					_t338 =  *(_t348 + 0xc);
                                                                                                                                                                    					 *(_t348 - 4) = _t270;
                                                                                                                                                                    					_t187 =  *((intOrPtr*)( *_t186 + 0x18))(_t186, _t338, 3, _t348 - 0x58);
                                                                                                                                                                    					__eflags = _t187 - _t270;
                                                                                                                                                                    					if(_t187 == _t270) {
                                                                                                                                                                    						 *(_t348 - 0x18) = _t270;
                                                                                                                                                                    						 *(_t348 - 0x14) = _t270;
                                                                                                                                                                    						 *(_t348 - 0x10) = _t270;
                                                                                                                                                                    						E0040218D(_t348 - 0x18, 3);
                                                                                                                                                                    						__eflags =  *(_t348 - 0x58) - _t270;
                                                                                                                                                                    						 *(_t348 - 4) = 1;
                                                                                                                                                                    						if( *(_t348 - 0x58) != _t270) {
                                                                                                                                                                    							__eflags =  *(_t348 - 0x58) - 8;
                                                                                                                                                                    							if( *(_t348 - 0x58) == 8) {
                                                                                                                                                                    								E00401D50(_t348 - 0x18,  *((intOrPtr*)(_t348 - 0x50)));
                                                                                                                                                                    								L12:
                                                                                                                                                                    								E00401DAF(_t344 + 0x1c, _t348 - 0x18);
                                                                                                                                                                    								__eflags =  *((intOrPtr*)(_t348 + 0x14)) - _t270;
                                                                                                                                                                    								if( *((intOrPtr*)(_t348 + 0x14)) != _t270) {
                                                                                                                                                                    									 *( *(_t348 + 0x10)) = _t270;
                                                                                                                                                                    									L61:
                                                                                                                                                                    									E00403A63( *(_t348 - 0x18));
                                                                                                                                                                    									 *(_t348 - 4) =  *(_t348 - 4) | 0xffffffff;
                                                                                                                                                                    									E00405CD6(_t348 - 0x58);
                                                                                                                                                                    									_t195 = 0;
                                                                                                                                                                    									__eflags = 0;
                                                                                                                                                                    									goto L62;
                                                                                                                                                                    								}
                                                                                                                                                                    								 *(_t348 - 0x28) = _t270;
                                                                                                                                                                    								 *(_t348 - 0x26) = _t270;
                                                                                                                                                                    								_t196 =  *((intOrPtr*)(_t344 + 0xc));
                                                                                                                                                                    								 *(_t348 - 4) = 2;
                                                                                                                                                                    								_t197 =  *((intOrPtr*)( *_t196 + 0x18))(_t196, _t338, 9, _t348 - 0x28);
                                                                                                                                                                    								__eflags = _t197 - _t270;
                                                                                                                                                                    								if(_t197 == _t270) {
                                                                                                                                                                    									__eflags =  *(_t348 - 0x28) - _t270;
                                                                                                                                                                    									if( *(_t348 - 0x28) != _t270) {
                                                                                                                                                                    										__eflags =  *(_t348 - 0x28) - 0x13;
                                                                                                                                                                    										if( *(_t348 - 0x28) == 0x13) {
                                                                                                                                                                    											_t198 =  *((intOrPtr*)(_t348 - 0x20));
                                                                                                                                                                    											L20:
                                                                                                                                                                    											 *((intOrPtr*)(_t344 + 0x44)) = _t198;
                                                                                                                                                                    											_t199 =  *((intOrPtr*)(_t344 + 0xc));
                                                                                                                                                                    											_t197 =  *((intOrPtr*)( *_t199 + 0x18))(_t199, _t338, 6, _t348 - 0x28);
                                                                                                                                                                    											__eflags = _t197 - _t270;
                                                                                                                                                                    											if(_t197 != _t270) {
                                                                                                                                                                    												goto L14;
                                                                                                                                                                    											}
                                                                                                                                                                    											__eflags =  *((intOrPtr*)(_t348 - 0x20)) - _t270;
                                                                                                                                                                    											 *(_t348 + 0xb) = _t270;
                                                                                                                                                                    											 *(_t348 - 0x74) = _t270;
                                                                                                                                                                    											 *(_t348 - 0x72) = _t270;
                                                                                                                                                                    											 *((char*)(_t344 + 0x40)) = _t197 & 0xffffff00 |  *((intOrPtr*)(_t348 - 0x20)) != _t270;
                                                                                                                                                                    											_t204 =  *((intOrPtr*)(_t344 + 0xc));
                                                                                                                                                                    											 *(_t348 - 4) = 3;
                                                                                                                                                                    											_t340 =  *((intOrPtr*)( *_t204 + 0x18))(_t204, _t338, 0x15, _t348 - 0x74);
                                                                                                                                                                    											__eflags = _t340 - _t270;
                                                                                                                                                                    											if(_t340 == _t270) {
                                                                                                                                                                    												__eflags =  *(_t348 - 0x74) - 0xb;
                                                                                                                                                                    												if( *(_t348 - 0x74) == 0xb) {
                                                                                                                                                                    													__eflags =  *((intOrPtr*)(_t348 - 0x6c)) - _t270;
                                                                                                                                                                    													_t66 = _t348 + 0xb;
                                                                                                                                                                    													 *_t66 =  *((intOrPtr*)(_t348 - 0x6c)) != _t270;
                                                                                                                                                                    													__eflags =  *_t66;
                                                                                                                                                                    												}
                                                                                                                                                                    												 *(_t348 - 4) = 2;
                                                                                                                                                                    												E00405CD6(_t348 - 0x74);
                                                                                                                                                                    												_t207 =  *((intOrPtr*)(_t344 + 0xc));
                                                                                                                                                                    												_t197 =  *((intOrPtr*)( *_t207 + 0x18))(_t207,  *(_t348 + 0xc), 0xc, _t348 - 0x28);
                                                                                                                                                                    												__eflags = _t197 - _t270;
                                                                                                                                                                    												if(_t197 != _t270) {
                                                                                                                                                                    													goto L14;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													_t208 =  *(_t348 - 0x28) & 0x0000ffff;
                                                                                                                                                                    													__eflags = _t208 - _t270;
                                                                                                                                                                    													if(_t208 == _t270) {
                                                                                                                                                                    														_t209 = _t344 + 0x38;
                                                                                                                                                                    														 *(_t348 + 0xc) = _t209;
                                                                                                                                                                    														 *_t209 =  *((intOrPtr*)(_t344 + 0x5c));
                                                                                                                                                                    														_t289 =  *((intOrPtr*)(_t344 + 0x60));
                                                                                                                                                                    														L30:
                                                                                                                                                                    														 *((intOrPtr*)(_t209 + 4)) = _t289;
                                                                                                                                                                    														E00402172(_t348 - 0x3c);
                                                                                                                                                                    														_t341 = 0x41b378;
                                                                                                                                                                    														 *((intOrPtr*)(_t348 - 0x3c)) = 0x41b378;
                                                                                                                                                                    														 *(_t348 - 4) = 4;
                                                                                                                                                                    														E0040452F(_t348 - 0x18, _t348 - 0x3c, __eflags);
                                                                                                                                                                    														__eflags =  *((intOrPtr*)(_t348 - 0x34)) - _t270;
                                                                                                                                                                    														if( *((intOrPtr*)(_t348 - 0x34)) != _t270) {
                                                                                                                                                                    															E00401D16(_t348 - 0x64, _t348 - 0x18);
                                                                                                                                                                    															__eflags =  *((intOrPtr*)(_t344 + 0x40)) - _t270;
                                                                                                                                                                    															 *(_t348 - 4) = 6;
                                                                                                                                                                    															if( *((intOrPtr*)(_t344 + 0x40)) == _t270) {
                                                                                                                                                                    																E00404351(_t348 - 0x3c);
                                                                                                                                                                    															}
                                                                                                                                                                    															__eflags =  *((intOrPtr*)(_t348 - 0x34)) - _t270;
                                                                                                                                                                    															if( *((intOrPtr*)(_t348 - 0x34)) != _t270) {
                                                                                                                                                                    																__eflags =  *(_t348 + 0xb) - _t270;
                                                                                                                                                                    																if( *(_t348 + 0xb) == _t270) {
                                                                                                                                                                    																	_push(_t348 - 0x3c); // executed
                                                                                                                                                                    																	E004027A7(_t344); // executed
                                                                                                                                                                    																}
                                                                                                                                                                    															}
                                                                                                                                                                    															_push(_t348 - 0x64);
                                                                                                                                                                    															E00402635(_t348 - 0x48, _t344 + 0x10);
                                                                                                                                                                    															__eflags =  *((intOrPtr*)(_t344 + 0x40)) - _t270;
                                                                                                                                                                    															 *(_t348 - 4) = 7;
                                                                                                                                                                    															if( *((intOrPtr*)(_t344 + 0x40)) == _t270) {
                                                                                                                                                                    																E00401C9D(_t348 - 0x84);
                                                                                                                                                                    																 *(_t348 - 4) = 9;
                                                                                                                                                                    																_t217 = E00405620(_t348 - 0xac, __eflags,  *((intOrPtr*)(_t348 - 0x48))); // executed
                                                                                                                                                                    																__eflags = _t217;
                                                                                                                                                                    																if(__eflags == 0) {
                                                                                                                                                                    																	L48:
                                                                                                                                                                    																	__eflags =  *(_t348 + 0xb) - _t270;
                                                                                                                                                                    																	if( *(_t348 + 0xb) != _t270) {
                                                                                                                                                                    																		L59:
                                                                                                                                                                    																		E00401DAF(_t344 + 0x28, _t348 - 0x48);
                                                                                                                                                                    																		E00403A63( *((intOrPtr*)(_t348 - 0x84)));
                                                                                                                                                                    																		E00403A63( *((intOrPtr*)(_t348 - 0x48)));
                                                                                                                                                                    																		E00403A63( *((intOrPtr*)(_t348 - 0x64)));
                                                                                                                                                                    																		 *((intOrPtr*)(_t348 - 0x3c)) = _t341;
                                                                                                                                                                    																		 *(_t348 - 4) = 0xd;
                                                                                                                                                                    																		E00404349();
                                                                                                                                                                    																		 *(_t348 - 4) = 2;
                                                                                                                                                                    																		E00404320(_t348 - 0x3c);
                                                                                                                                                                    																		 *(_t348 - 4) = 1;
                                                                                                                                                                    																		E00405CD6(_t348 - 0x28);
                                                                                                                                                                    																		goto L61;
                                                                                                                                                                    																	}
                                                                                                                                                                    																	_push(0x18);
                                                                                                                                                                    																	_t226 = E00403A3D();
                                                                                                                                                                    																	__eflags = _t226 - _t270;
                                                                                                                                                                    																	if(_t226 == _t270) {
                                                                                                                                                                    																		_t342 = 0;
                                                                                                                                                                    																		__eflags = 0;
                                                                                                                                                                    																	} else {
                                                                                                                                                                    																		 *(_t226 + 4) = _t270;
                                                                                                                                                                    																		 *(_t226 + 8) =  *(_t226 + 8) | 0xffffffff;
                                                                                                                                                                    																		 *_t226 = 0x41b35c;
                                                                                                                                                                    																		_t342 = _t226;
                                                                                                                                                                    																	}
                                                                                                                                                                    																	__eflags = _t342 - _t270;
                                                                                                                                                                    																	 *(_t344 + 0x48) = _t342;
                                                                                                                                                                    																	 *(_t348 + 0xc) = _t342;
                                                                                                                                                                    																	if(_t342 != _t270) {
                                                                                                                                                                    																		 *((intOrPtr*)( *_t342 + 4))(_t342);
                                                                                                                                                                    																	}
                                                                                                                                                                    																	_t227 =  *(_t344 + 0x48);
                                                                                                                                                                    																	 *(_t227 + 0x10) = _t270;
                                                                                                                                                                    																	 *(_t348 - 4) = 0xb;
                                                                                                                                                                    																	 *(_t227 + 0x14) = _t270;
                                                                                                                                                                    																	_t228 = E00405AE5( *((intOrPtr*)(_t348 - 0x48)), 1);
                                                                                                                                                                    																	__eflags = _t228;
                                                                                                                                                                    																	if(_t228 != 0) {
                                                                                                                                                                    																		E004062E7(_t344 + 0x4c, _t342);
                                                                                                                                                                    																		 *(_t348 - 4) = 9;
                                                                                                                                                                    																		 *( *(_t348 + 0x10)) = _t342;
                                                                                                                                                                    																		_t341 = 0x41b378;
                                                                                                                                                                    																		goto L59;
                                                                                                                                                                    																	} else {
                                                                                                                                                                    																		E00401D50(_t344 + 0xe4,  *0x420284);
                                                                                                                                                                    																		__eflags = _t342 - _t270;
                                                                                                                                                                    																		 *(_t348 - 4) = 9;
                                                                                                                                                                    																		if(_t342 != _t270) {
                                                                                                                                                                    																			 *((intOrPtr*)( *_t342 + 8))(_t342);
                                                                                                                                                                    																		}
                                                                                                                                                                    																		E00403A63( *((intOrPtr*)(_t348 - 0x84)));
                                                                                                                                                                    																		E00403A63( *((intOrPtr*)(_t348 - 0x48)));
                                                                                                                                                                    																		E00403A63( *((intOrPtr*)(_t348 - 0x64)));
                                                                                                                                                                    																		 *((intOrPtr*)(_t348 - 0x3c)) = 0x41b378;
                                                                                                                                                                    																		 *(_t348 - 4) = 0xc;
                                                                                                                                                                    																		E00404349();
                                                                                                                                                                    																		 *(_t348 - 4) = 2;
                                                                                                                                                                    																		E00404320(_t348 - 0x3c);
                                                                                                                                                                    																		 *(_t348 - 4) = 1;
                                                                                                                                                                    																		E00405CD6(_t348 - 0x28);
                                                                                                                                                                    																		E00403A63( *(_t348 - 0x18));
                                                                                                                                                                    																		 *(_t348 - 4) =  *(_t348 - 4) | 0xffffffff;
                                                                                                                                                                    																		E00405CD6(_t348 - 0x58);
                                                                                                                                                                    																		_t195 = 0x80004005;
                                                                                                                                                                    																		goto L62;
                                                                                                                                                                    																	}
                                                                                                                                                                    																}
                                                                                                                                                                    																_t244 = E00404C29( *((intOrPtr*)(_t348 - 0x48)), __eflags);
                                                                                                                                                                    																__eflags = _t244;
                                                                                                                                                                    																if(_t244 != 0) {
                                                                                                                                                                    																	goto L48;
                                                                                                                                                                    																}
                                                                                                                                                                    																E00401D50(_t344 + 0xe4,  *0x420280);
                                                                                                                                                                    																E00403A63( *((intOrPtr*)(_t348 - 0x84)));
                                                                                                                                                                    																E00403A63( *((intOrPtr*)(_t348 - 0x48)));
                                                                                                                                                                    																E00403A63( *((intOrPtr*)(_t348 - 0x64)));
                                                                                                                                                                    																 *((intOrPtr*)(_t348 - 0x3c)) = _t341;
                                                                                                                                                                    																 *(_t348 - 4) = 0xa;
                                                                                                                                                                    																L45:
                                                                                                                                                                    																_t270 = 0x80004005;
                                                                                                                                                                    																goto L46;
                                                                                                                                                                    															} else {
                                                                                                                                                                    																_t346 = _t344 + 0x28;
                                                                                                                                                                    																E00401DAF(_t346, _t348 - 0x48);
                                                                                                                                                                    																__eflags =  *(_t348 + 0xb) - _t270;
                                                                                                                                                                    																_t315 =  *_t346;
                                                                                                                                                                    																if( *(_t348 + 0xb) == _t270) {
                                                                                                                                                                    																	__eflags = 0;
                                                                                                                                                                    																	E00404908(_t315, 0, _t270,  *(_t348 + 0xc));
                                                                                                                                                                    																} else {
                                                                                                                                                                    																	E004049AF(_t315);
                                                                                                                                                                    																}
                                                                                                                                                                    																E00403A63( *((intOrPtr*)(_t348 - 0x48)));
                                                                                                                                                                    																E00403A63( *((intOrPtr*)(_t348 - 0x64)));
                                                                                                                                                                    																 *((intOrPtr*)(_t348 - 0x3c)) = _t341;
                                                                                                                                                                    																 *(_t348 - 4) = 8;
                                                                                                                                                                    																L46:
                                                                                                                                                                    																E00404349();
                                                                                                                                                                    																 *(_t348 - 4) = 2;
                                                                                                                                                                    																E00404320(_t348 - 0x3c);
                                                                                                                                                                    																L47:
                                                                                                                                                                    																 *(_t348 - 4) = 1;
                                                                                                                                                                    																E00405CD6(_t348 - 0x28);
                                                                                                                                                                    																E00403A63( *(_t348 - 0x18));
                                                                                                                                                                    																 *(_t348 - 4) =  *(_t348 - 4) | 0xffffffff;
                                                                                                                                                                    																E00405CD6(_t348 - 0x58);
                                                                                                                                                                    																_t195 = _t270;
                                                                                                                                                                    																goto L62;
                                                                                                                                                                    															}
                                                                                                                                                                    														}
                                                                                                                                                                    														 *((intOrPtr*)(_t348 - 0x3c)) = 0x41b378;
                                                                                                                                                                    														 *(_t348 - 4) = 5;
                                                                                                                                                                    														goto L45;
                                                                                                                                                                    													}
                                                                                                                                                                    													__eflags = _t208 - 0x40;
                                                                                                                                                                    													if(_t208 != 0x40) {
                                                                                                                                                                    														goto L18;
                                                                                                                                                                    													}
                                                                                                                                                                    													_t209 = _t344 + 0x38;
                                                                                                                                                                    													 *(_t348 + 0xc) = _t209;
                                                                                                                                                                    													 *_t209 =  *((intOrPtr*)(_t348 - 0x20));
                                                                                                                                                                    													_t289 =  *((intOrPtr*)(_t348 - 0x1c));
                                                                                                                                                                    													goto L30;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    											 *(_t348 - 4) = 2;
                                                                                                                                                                    											E00405CD6(_t348 - 0x74);
                                                                                                                                                                    											 *(_t348 - 4) = 1;
                                                                                                                                                                    											E00405CD6(_t348 - 0x28);
                                                                                                                                                                    											E00403A63( *(_t348 - 0x18));
                                                                                                                                                                    											 *(_t348 - 4) =  *(_t348 - 4) | 0xffffffff;
                                                                                                                                                                    											E00405CD6(_t348 - 0x58);
                                                                                                                                                                    											_t195 = _t340;
                                                                                                                                                                    											goto L62;
                                                                                                                                                                    										}
                                                                                                                                                                    										L18:
                                                                                                                                                                    										_t270 = 0x80004005;
                                                                                                                                                                    										goto L47;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t198 =  *((intOrPtr*)(_t344 + 0x64));
                                                                                                                                                                    									goto L20;
                                                                                                                                                                    								}
                                                                                                                                                                    								L14:
                                                                                                                                                                    								_t270 = _t197;
                                                                                                                                                                    								goto L47;
                                                                                                                                                                    							}
                                                                                                                                                                    							E00403A63( *(_t348 - 0x18));
                                                                                                                                                                    							_t347 = 0x80004005;
                                                                                                                                                                    							goto L10;
                                                                                                                                                                    						}
                                                                                                                                                                    						E00401DAF(_t348 - 0x18, _t344 + 0x50);
                                                                                                                                                                    						goto L12;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t347 = _t187;
                                                                                                                                                                    						L10:
                                                                                                                                                                    						 *(_t348 - 4) =  *(_t348 - 4) | 0xffffffff;
                                                                                                                                                                    						E00405CD6(_t348 - 0x58);
                                                                                                                                                                    						_t195 = _t347;
                                                                                                                                                                    						L62:
                                                                                                                                                                    						 *[fs:0x0] =  *((intOrPtr*)(_t348 - 0xc));
                                                                                                                                                                    						return _t195;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				_t195 = 0x80004004;
                                                                                                                                                                    				goto L62;
                                                                                                                                                                    			}

                                                                                                                                                                    0x00402a6b
                                                                                                                                                                    0x00402a6c
                                                                                                                                                                    0x00402a6c
                                                                                                                                                                    0x00402a64
                                                                                                                                                                    0x00402a77
                                                                                                                                                                    0x00402a7b
                                                                                                                                                                    0x00402a80
                                                                                                                                                                    0x00402a83
                                                                                                                                                                    0x00402a87
                                                                                                                                                                    0x00402ad1
                                                                                                                                                                    0x00402adf
                                                                                                                                                                    0x00402ae3
                                                                                                                                                                    0x00402ae8
                                                                                                                                                                    0x00402aea
                                                                                                                                                                    0x00402b73
                                                                                                                                                                    0x00402b73
                                                                                                                                                                    0x00402b76
                                                                                                                                                                    0x00402c6c
                                                                                                                                                                    0x00402c73
                                                                                                                                                                    0x00402c7e
                                                                                                                                                                    0x00402c86
                                                                                                                                                                    0x00402c8e
                                                                                                                                                                    0x00402c96
                                                                                                                                                                    0x00402c9c
                                                                                                                                                                    0x00402ca0
                                                                                                                                                                    0x00402ca8
                                                                                                                                                                    0x00402cac
                                                                                                                                                                    0x00402cb4
                                                                                                                                                                    0x00402cb8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402cb8
                                                                                                                                                                    0x00402b7c
                                                                                                                                                                    0x00402b7e
                                                                                                                                                                    0x00402b83
                                                                                                                                                                    0x00402b86
                                                                                                                                                                    0x00402b99
                                                                                                                                                                    0x00402b99
                                                                                                                                                                    0x00402b88
                                                                                                                                                                    0x00402b88
                                                                                                                                                                    0x00402b8b
                                                                                                                                                                    0x00402b8f
                                                                                                                                                                    0x00402b95
                                                                                                                                                                    0x00402b95
                                                                                                                                                                    0x00402b9b
                                                                                                                                                                    0x00402b9d
                                                                                                                                                                    0x00402ba0
                                                                                                                                                                    0x00402ba3
                                                                                                                                                                    0x00402ba8
                                                                                                                                                                    0x00402ba8
                                                                                                                                                                    0x00402bae
                                                                                                                                                                    0x00402bb4
                                                                                                                                                                    0x00402bba
                                                                                                                                                                    0x00402bbe
                                                                                                                                                                    0x00402bc1
                                                                                                                                                                    0x00402bc6
                                                                                                                                                                    0x00402bc8
                                                                                                                                                                    0x00402c59
                                                                                                                                                                    0x00402c61
                                                                                                                                                                    0x00402c65
                                                                                                                                                                    0x00402c67
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402bce
                                                                                                                                                                    0x00402bda
                                                                                                                                                                    0x00402bdf
                                                                                                                                                                    0x00402be1
                                                                                                                                                                    0x00402be5
                                                                                                                                                                    0x00402bea
                                                                                                                                                                    0x00402bea
                                                                                                                                                                    0x00402bf3
                                                                                                                                                                    0x00402bfb
                                                                                                                                                                    0x00402c03
                                                                                                                                                                    0x00402c0b
                                                                                                                                                                    0x00402c15
                                                                                                                                                                    0x00402c19
                                                                                                                                                                    0x00402c21
                                                                                                                                                                    0x00402c25
                                                                                                                                                                    0x00402c2d
                                                                                                                                                                    0x00402c31
                                                                                                                                                                    0x00402c39
                                                                                                                                                                    0x00402c3e
                                                                                                                                                                    0x00402c46
                                                                                                                                                                    0x00402c4b
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402c4b
                                                                                                                                                                    0x00402bc8
                                                                                                                                                                    0x00402af3
                                                                                                                                                                    0x00402af8
                                                                                                                                                                    0x00402afa
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402b08
                                                                                                                                                                    0x00402b13
                                                                                                                                                                    0x00402b1b
                                                                                                                                                                    0x00402b23
                                                                                                                                                                    0x00402b2b
                                                                                                                                                                    0x00402b2e
                                                                                                                                                                    0x00402b32
                                                                                                                                                                    0x00402b32
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402a89
                                                                                                                                                                    0x00402a89
                                                                                                                                                                    0x00402a92
                                                                                                                                                                    0x00402a97
                                                                                                                                                                    0x00402a9a
                                                                                                                                                                    0x00402a9c
                                                                                                                                                                    0x00402aa8
                                                                                                                                                                    0x00402aab
                                                                                                                                                                    0x00402a9e
                                                                                                                                                                    0x00402a9e
                                                                                                                                                                    0x00402a9e
                                                                                                                                                                    0x00402ab3
                                                                                                                                                                    0x00402abb
                                                                                                                                                                    0x00402ac1
                                                                                                                                                                    0x00402ac5
                                                                                                                                                                    0x00402b37
                                                                                                                                                                    0x00402b3a
                                                                                                                                                                    0x00402b42
                                                                                                                                                                    0x00402b46
                                                                                                                                                                    0x00402b4b
                                                                                                                                                                    0x00402b4e
                                                                                                                                                                    0x00402b52
                                                                                                                                                                    0x00402b5a
                                                                                                                                                                    0x00402b5f
                                                                                                                                                                    0x00402b67
                                                                                                                                                                    0x00402b6c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402b6c
                                                                                                                                                                    0x00402a87
                                                                                                                                                                    0x00402a33
                                                                                                                                                                    0x00402a36
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402a36
                                                                                                                                                                    0x004029e5
                                                                                                                                                                    0x004029e8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004029f1
                                                                                                                                                                    0x004029f4
                                                                                                                                                                    0x004029f7
                                                                                                                                                                    0x004029f9
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004029f9
                                                                                                                                                                    0x004029d7
                                                                                                                                                                    0x00402977
                                                                                                                                                                    0x0040297b
                                                                                                                                                                    0x00402983
                                                                                                                                                                    0x00402987
                                                                                                                                                                    0x0040298f
                                                                                                                                                                    0x00402994
                                                                                                                                                                    0x0040299c
                                                                                                                                                                    0x004029a1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004029a1
                                                                                                                                                                    0x00402921
                                                                                                                                                                    0x00402921
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00402921
                                                                                                                                                                    0x00402915
                                                                                                                                                                    0x00000000

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00402813
                                                                                                                                                                      • Part of subcall function 00402D81: EnterCriticalSection.KERNEL32(?,?,?,00409336), ref: 00402D86
                                                                                                                                                                      • Part of subcall function 00402D81: LeaveCriticalSection.KERNEL32(?,?,?,?,00409336), ref: 00402D90
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterH_prologLeave
                                                                                                                                                                    • String ID: .@
                                                                                                                                                                    • API String ID: 367238759-2582305824
                                                                                                                                                                    • Opcode ID: 8fa9e22be79ad84d6f04a92b5f18cb98b490ec71762145dbd7fbdab0deae62f2
                                                                                                                                                                    • Instruction ID: fb4838387da9abac6519c3a0e173b295c4de01f89ec6b6ed0d4ee3fc8d60aaac
                                                                                                                                                                    • Opcode Fuzzy Hash: 8fa9e22be79ad84d6f04a92b5f18cb98b490ec71762145dbd7fbdab0deae62f2
                                                                                                                                                                    • Instruction Fuzzy Hash: F3F1DF70900248DFCF14EFA5C985ADEBBB4AF54308F10807EE446B72E1DB785A85DB19
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1209 4030fc-403128 call 413724 call 401c9d call 405620 1216 403141-403146 1209->1216 1217 40312a-40313f call 401d50 1209->1217 1218 403150 1216->1218 1219 403148-40314e 1216->1219 1223 4031a2-4031aa call 403a63 1217->1223 1221 403153-403192 call 403291 call 408d5e call 404320 1218->1221 1219->1221 1234 403194-40319d call 401d50 1221->1234 1235 4031af-4031d1 call 401d16 call 405bad call 404a3e 1221->1235 1230 403281 1223->1230 1232 403282-403290 1230->1232 1234->1223 1243 403213-403268 call 401cb5 call 402686 call 403a63 1235->1243 1244 4031d3-403211 call 4092e6 call 401daf call 403a63 * 3 1235->1244 1266 40326a call 40bff7 1243->1266 1267 40326a call 40b98f 1243->1267 1244->1232 1258 40326d-403280 call 403a63 * 2 1258->1230 1266->1258 1267->1258
                                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                                    			E004030FC(intOrPtr* __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t63;
                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                    				intOrPtr _t73;
                                                                                                                                                                    				intOrPtr* _t82;
                                                                                                                                                                    				void* _t85;
                                                                                                                                                                    				void* _t87;
                                                                                                                                                                    				void* _t123;
                                                                                                                                                                    				void* _t125;
                                                                                                                                                                    				intOrPtr* _t128;
                                                                                                                                                                    				void* _t130;
                                                                                                                                                                    				void* _t136;
                                                                                                                                                                    
                                                                                                                                                                    				_t136 = __eflags;
                                                                                                                                                                    				E00413724(E00419080, _t130);
                                                                                                                                                                    				_t128 = __ecx;
                                                                                                                                                                    				E00401C9D(_t130 - 0x40);
                                                                                                                                                                    				 *((intOrPtr*)(_t130 - 4)) = 0;
                                                                                                                                                                    				_t63 = E00405620(_t130 - 0x68, _t136,  *((intOrPtr*)(__ecx + 4))); // executed
                                                                                                                                                                    				if(_t63 != 0) {
                                                                                                                                                                    					_t64 =  *((intOrPtr*)(__ecx + 0x1c));
                                                                                                                                                                    					__eflags = _t64;
                                                                                                                                                                    					if(_t64 == 0) {
                                                                                                                                                                    						 *((intOrPtr*)(_t130 - 0x10)) = 0;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						 *((intOrPtr*)(_t130 - 0x10)) = _t64 + 4;
                                                                                                                                                                    					}
                                                                                                                                                                    					E00403291(_t130 - 0x30, 4);
                                                                                                                                                                    					 *((intOrPtr*)(_t130 - 0x30)) = 0x41b380;
                                                                                                                                                                    					_push( *((intOrPtr*)(_t130 - 0x10)));
                                                                                                                                                                    					_t125 = _t128 + 0x28;
                                                                                                                                                                    					 *((char*)(_t130 - 4)) = 1;
                                                                                                                                                                    					_push(_t128 + 4);
                                                                                                                                                                    					_push(0);
                                                                                                                                                                    					_push(0);
                                                                                                                                                                    					_push(_t130 - 0x30);
                                                                                                                                                                    					_push( *_t128); // executed
                                                                                                                                                                    					_t68 = E00408D5E(_t125); // executed
                                                                                                                                                                    					 *((intOrPtr*)(_t128 + 0x60)) = _t68;
                                                                                                                                                                    					 *((char*)(_t130 - 4)) = 0;
                                                                                                                                                                    					E00404320(_t130 - 0x30);
                                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t128 + 0x60));
                                                                                                                                                                    					if( *((intOrPtr*)(_t128 + 0x60)) == 0) {
                                                                                                                                                                    						E00401D16(_t130 - 0x1c, _t128 + 0x10);
                                                                                                                                                                    						 *((char*)(_t130 - 4)) = 2;
                                                                                                                                                                    						E00405BAD(_t130 - 0x1c);
                                                                                                                                                                    						_t73 = E00404A3E( *((intOrPtr*)(_t130 - 0x1c))); // executed
                                                                                                                                                                    						__eflags = _t73;
                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                    							E00401CB5(_t130 - 0x28, L"Default");
                                                                                                                                                                    							 *((char*)(_t130 - 4)) = 4;
                                                                                                                                                                    							E00402686( *((intOrPtr*)(_t128 + 0x1c)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t125 + 0xc)) +  *(_t125 + 8) * 4 - 4)))), _t130 - 0x1c, _t130 - 0x28, _t130 - 0x50, 0);
                                                                                                                                                                    							 *((char*)(_t130 - 4)) = 2;
                                                                                                                                                                    							E00403A63( *((intOrPtr*)(_t130 - 0x28)));
                                                                                                                                                                    							_t82 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t125 + 0xc)) +  *(_t125 + 8) * 4 - 4))));
                                                                                                                                                                    							 *((intOrPtr*)(_t128 + 0x60)) =  *((intOrPtr*)( *_t82 + 0x1c))(_t82, 0, 0xffffffff, 0,  *((intOrPtr*)(_t128 + 0x20)));
                                                                                                                                                                    							E00403A63( *((intOrPtr*)(_t130 - 0x1c)));
                                                                                                                                                                    							_t85 = E00403A63( *((intOrPtr*)(_t130 - 0x40)));
                                                                                                                                                                    							goto L11;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_push(_t130 - 0x1c);
                                                                                                                                                                    							_t123 = 9;
                                                                                                                                                                    							_t87 = E004092E6(_t130 - 0x28, _t123, __eflags);
                                                                                                                                                                    							 *((char*)(_t130 - 4)) = 3;
                                                                                                                                                                    							E00401DAF(_t128 + 0x64, _t87);
                                                                                                                                                                    							E00403A63( *((intOrPtr*)(_t130 - 0x28)));
                                                                                                                                                                    							 *((intOrPtr*)(_t128 + 0x60)) = 0x80004005;
                                                                                                                                                                    							E00403A63( *((intOrPtr*)(_t130 - 0x1c)));
                                                                                                                                                                    							_t85 = E00403A63( *((intOrPtr*)(_t130 - 0x40)));
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						E00401D50(_t128 + 0x64,  *0x420324);
                                                                                                                                                                    						goto L7;
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					E00401D50(__ecx + 0x64,  *0x420320);
                                                                                                                                                                    					 *((intOrPtr*)(__ecx + 0x60)) = 0x80004005;
                                                                                                                                                                    					L7:
                                                                                                                                                                    					_t85 = E00403A63( *((intOrPtr*)(_t130 - 0x40)));
                                                                                                                                                                    					L11:
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t130 - 0xc));
                                                                                                                                                                    				return _t85;
                                                                                                                                                                    			}















                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004031d3
                                                                                                                                                                    0x004031d9
                                                                                                                                                                    0x004031dc
                                                                                                                                                                    0x004031dd
                                                                                                                                                                    0x004031e6
                                                                                                                                                                    0x004031ea
                                                                                                                                                                    0x004031f2
                                                                                                                                                                    0x004031fa
                                                                                                                                                                    0x00403201
                                                                                                                                                                    0x00403209
                                                                                                                                                                    0x0040320e
                                                                                                                                                                    0x00403194
                                                                                                                                                                    0x0040319d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040319d
                                                                                                                                                                    0x0040312a
                                                                                                                                                                    0x00403133
                                                                                                                                                                    0x00403138
                                                                                                                                                                    0x004031a2
                                                                                                                                                                    0x004031a5
                                                                                                                                                                    0x00403281
                                                                                                                                                                    0x00403281
                                                                                                                                                                    0x00403288
                                                                                                                                                                    0x00403290

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00403101
                                                                                                                                                                      • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                      • Part of subcall function 00404A3E: __EH_prolog.LIBCMT ref: 00404A43
                                                                                                                                                                      • Part of subcall function 004092E6: __EH_prolog.LIBCMT ref: 004092EB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID: Default
                                                                                                                                                                    • API String ID: 3519838083-753088835
                                                                                                                                                                    • Opcode ID: 98cac416fc26af901fbfb0baa5ee4ca217a1f9b97499c5ce8533e916382461a5
                                                                                                                                                                    • Instruction ID: 203c82e13c85383a660d5cb73dbb10af46e9aa8c77eacbcc0267a4e11568a844
                                                                                                                                                                    • Opcode Fuzzy Hash: 98cac416fc26af901fbfb0baa5ee4ca217a1f9b97499c5ce8533e916382461a5
                                                                                                                                                                    • Instruction Fuzzy Hash: E4514E75900209EFDB14EFA5D8819EEBBB8FF18308F00456EE556772D1DB38AA06CB14
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    [Figure: control-flow graph for the function at 00404A3E; legend: Executed, Not Executed]
                                                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                                                    			E00404A3E(void* __ecx) {
                                                                                                                                                                    				signed int _t66;
                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                    				intOrPtr* _t75;
                                                                                                                                                                    				signed char _t76;
                                                                                                                                                                    				long _t78;
                                                                                                                                                                    				signed int _t80;
                                                                                                                                                                    				signed char _t82;
                                                                                                                                                                    				intOrPtr _t87;
                                                                                                                                                                    				void* _t89;
                                                                                                                                                                    				signed int _t92;
                                                                                                                                                                    				signed int _t94;
                                                                                                                                                                    				signed int _t98;
                                                                                                                                                                    				signed int _t105;
                                                                                                                                                                    				signed int _t119;
                                                                                                                                                                    				intOrPtr _t124;
                                                                                                                                                                    				signed int _t127;
                                                                                                                                                                    				signed int _t129;
                                                                                                                                                                    				void* _t133;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E004193A8, _t133);
                                                                                                                                                                    				E00401CB5(_t133 - 0x18, __ecx);
                                                                                                                                                                    				_t105 =  *(_t133 - 0x14);
                                                                                                                                                                    				 *(_t133 - 4) =  *(_t133 - 4) & 0x00000000;
                                                                                                                                                                    				if(_t105 == 0) {
                                                                                                                                                                    					L13:
                                                                                                                                                                    					E00401D16(_t133 - 0x24, _t133 - 0x18);
                                                                                                                                                                    					_t127 =  *(_t133 - 0x14);
                                                                                                                                                                    					 *(_t133 - 4) = 1;
                                                                                                                                                                    					while(1) {
                                                                                                                                                                    						L14:
                                                                                                                                                                    						_t66 = E004049F4( *((intOrPtr*)(_t133 - 0x18))); // executed
                                                                                                                                                                    						__eflags = _t66;
                                                                                                                                                                    						if(_t66 != 0) {
                                                                                                                                                                    							break;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t78 = GetLastError();
                                                                                                                                                                    						__eflags = _t78 - 0xb7;
                                                                                                                                                                    						if(_t78 == 0xb7) {
                                                                                                                                                                    							E00401C9D(_t133 - 0x40);
                                                                                                                                                                    							 *(_t133 - 4) = 2;
                                                                                                                                                                    							_t80 = E00405620(_t133 - 0x68, __eflags,  *((intOrPtr*)(_t133 - 0x18))); // executed
                                                                                                                                                                    							__eflags = _t80;
                                                                                                                                                                    							if(_t80 != 0) {
                                                                                                                                                                    								_t82 =  *(_t133 - 0x48) >> 4;
                                                                                                                                                                    								__eflags = _t82 & 0x00000001;
                                                                                                                                                                    								if((_t82 & 0x00000001) != 0) {
                                                                                                                                                                    									 *(_t133 - 4) = 1;
                                                                                                                                                                    									E00403A63( *((intOrPtr*)(_t133 - 0x40)));
                                                                                                                                                                    									break;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t98 = 0;
                                                                                                                                                                    									__eflags = 0;
                                                                                                                                                                    									goto L31;
                                                                                                                                                                    								}
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t98 = 1;
                                                                                                                                                                    								L31:
                                                                                                                                                                    								E00403A63( *((intOrPtr*)(_t133 - 0x40)));
                                                                                                                                                                    								E00403A63( *((intOrPtr*)(_t133 - 0x24)));
                                                                                                                                                                    								E00403A63( *((intOrPtr*)(_t133 - 0x18)));
                                                                                                                                                                    							}
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t119 =  *(_t133 - 0x14);
                                                                                                                                                                    							__eflags = _t119;
                                                                                                                                                                    							if(_t119 == 0) {
                                                                                                                                                                    								L39:
                                                                                                                                                                    								_t98 = 0;
                                                                                                                                                                    								__eflags = 0;
                                                                                                                                                                    								L40:
                                                                                                                                                                    								E00403A63( *((intOrPtr*)(_t133 - 0x24)));
                                                                                                                                                                    								_t124 =  *((intOrPtr*)(_t133 - 0x18));
                                                                                                                                                                    								goto L41;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t87 =  *((intOrPtr*)(_t133 - 0x18));
                                                                                                                                                                    								_t129 = _t87 + _t119 * 2 - 2;
                                                                                                                                                                    								while(1) {
                                                                                                                                                                    									__eflags =  *_t129 - 0x5c;
                                                                                                                                                                    									if( *_t129 == 0x5c) {
                                                                                                                                                                    										break;
                                                                                                                                                                    									}
                                                                                                                                                                    									__eflags = _t129 - _t87;
                                                                                                                                                                    									if(_t129 == _t87) {
                                                                                                                                                                    										_t127 = _t129 | 0xffffffff;
                                                                                                                                                                    										__eflags = _t127;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t129 = _t129;
                                                                                                                                                                    										continue;
                                                                                                                                                                    									}
                                                                                                                                                                    									L23:
                                                                                                                                                                    									__eflags = _t127;
                                                                                                                                                                    									if(__eflags < 0 || __eflags == 0) {
                                                                                                                                                                    										goto L39;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										__eflags =  *((short*)(_t87 + _t127 * 2 - 2)) - 0x3a;
                                                                                                                                                                    										if( *((short*)(_t87 + _t127 * 2 - 2)) == 0x3a) {
                                                                                                                                                                    											goto L39;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											_t89 = E00401E6F(_t133 - 0x18, _t133 - 0x30, _t127);
                                                                                                                                                                    											 *(_t133 - 4) = 3;
                                                                                                                                                                    											E00401DAF(_t133 - 0x18, _t89);
                                                                                                                                                                    											 *(_t133 - 4) = 1;
                                                                                                                                                                    											E00403A63( *((intOrPtr*)(_t133 - 0x30)));
                                                                                                                                                                    											goto L14;
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L42;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t127 = _t129 - _t87 >> 1;
                                                                                                                                                                    								goto L23;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L42;
                                                                                                                                                                    					}
                                                                                                                                                                    					E00401DAF(_t133 - 0x18, _t133 - 0x24);
                                                                                                                                                                    					while(1) {
                                                                                                                                                                    						__eflags = _t127 -  *(_t133 - 0x14);
                                                                                                                                                                    						if(_t127 >=  *(_t133 - 0x14)) {
                                                                                                                                                                    							break;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t73 = E00403A6E( *((intOrPtr*)(_t133 - 0x18)) + 2 + _t127 * 2, 0x5c);
                                                                                                                                                                    						__eflags = _t73;
                                                                                                                                                                    						if(_t73 < 0) {
                                                                                                                                                                    							L37:
                                                                                                                                                                    							_t127 =  *(_t133 - 0x14);
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t51 = _t127 + 1; // 0x1
                                                                                                                                                                    							_t127 = _t73 + _t51;
                                                                                                                                                                    							__eflags = _t127;
                                                                                                                                                                    							if(_t127 < 0) {
                                                                                                                                                                    								goto L37;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						_t75 = E00401E6F(_t133 - 0x18, _t133 - 0x30, _t127);
                                                                                                                                                                    						 *(_t133 - 4) = 4;
                                                                                                                                                                    						_t76 = E004049F4( *_t75);
                                                                                                                                                                    						 *(_t133 - 4) = 1;
                                                                                                                                                                    						asm("sbb bl, bl");
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t133 - 0x30)));
                                                                                                                                                                    						__eflags =  ~_t76 + 1;
                                                                                                                                                                    						if( ~_t76 + 1 == 0) {
                                                                                                                                                                    							continue;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L39;
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L40;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t98 = 1;
                                                                                                                                                                    					goto L40;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t124 =  *((intOrPtr*)(_t133 - 0x18));
                                                                                                                                                                    					_t92 = _t124 + _t105 * 2 - 2;
                                                                                                                                                                    					while( *_t92 != 0x5c) {
                                                                                                                                                                    						if(_t92 == _t124) {
                                                                                                                                                                    							_t94 = _t92 | 0xffffffff;
                                                                                                                                                                    							__eflags = _t94;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t92 = _t92;
                                                                                                                                                                    							continue;
                                                                                                                                                                    						}
                                                                                                                                                                    						L7:
                                                                                                                                                                    						__eflags = _t94;
                                                                                                                                                                    						if(_t94 <= 0) {
                                                                                                                                                                    							goto L13;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t9 = _t105 - 1; // 0x4149b3
                                                                                                                                                                    							__eflags = _t94 - _t9;
                                                                                                                                                                    							if(_t94 != _t9) {
                                                                                                                                                                    								goto L13;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								__eflags = _t105 - 3;
                                                                                                                                                                    								if(_t105 != 3) {
                                                                                                                                                                    									L12:
                                                                                                                                                                    									E0040240B(_t133 - 0x18, _t94, 1);
                                                                                                                                                                    									goto L13;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									__eflags =  *((short*)(_t124 + 2)) - 0x3a;
                                                                                                                                                                    									if( *((short*)(_t124 + 2)) != 0x3a) {
                                                                                                                                                                    										goto L12;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t98 = 1;
                                                                                                                                                                    										L41:
                                                                                                                                                                    										E00403A63(_t124);
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L42;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t94 = _t92 - _t124 >> 1;
                                                                                                                                                                    					goto L7;
                                                                                                                                                                    				}
                                                                                                                                                                    				L42:
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t133 - 0xc));
                                                                                                                                                                    				return _t98;
                                                                                                                                                                    			}

                                                                                                                                                                    0x00404b35
                                                                                                                                                                    0x00404b3c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404b41
                                                                                                                                                                    0x00404b15
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404b03
                                                                                                                                                                    0x00404afa
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404afa
                                                                                                                                                                    0x00404add
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404ad6
                                                                                                                                                                    0x00404ba6
                                                                                                                                                                    0x00404bab
                                                                                                                                                                    0x00404bab
                                                                                                                                                                    0x00404bae
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404bbb
                                                                                                                                                                    0x00404bc0
                                                                                                                                                                    0x00404bc2
                                                                                                                                                                    0x00404bcc
                                                                                                                                                                    0x00404bcc
                                                                                                                                                                    0x00404bc4
                                                                                                                                                                    0x00404bc4
                                                                                                                                                                    0x00404bc4
                                                                                                                                                                    0x00404bc8
                                                                                                                                                                    0x00404bca
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404bca
                                                                                                                                                                    0x00404bd7
                                                                                                                                                                    0x00404bde
                                                                                                                                                                    0x00404be2
                                                                                                                                                                    0x00404be9
                                                                                                                                                                    0x00404bf2
                                                                                                                                                                    0x00404bf6
                                                                                                                                                                    0x00404bfb
                                                                                                                                                                    0x00404bfe
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404bfe
                                                                                                                                                                    0x00404c25
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a61
                                                                                                                                                                    0x00404a61
                                                                                                                                                                    0x00404a64
                                                                                                                                                                    0x00404a68
                                                                                                                                                                    0x00404a70
                                                                                                                                                                    0x00404a7c
                                                                                                                                                                    0x00404a7c
                                                                                                                                                                    0x00404a72
                                                                                                                                                                    0x00404a73
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a73
                                                                                                                                                                    0x00404a7f
                                                                                                                                                                    0x00404a7f
                                                                                                                                                                    0x00404a81
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a83
                                                                                                                                                                    0x00404a83
                                                                                                                                                                    0x00404a86
                                                                                                                                                                    0x00404a88
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a8a
                                                                                                                                                                    0x00404a8a
                                                                                                                                                                    0x00404a8d
                                                                                                                                                                    0x00404a9d
                                                                                                                                                                    0x00404aa3
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a8f
                                                                                                                                                                    0x00404a8f
                                                                                                                                                                    0x00404a94
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a96
                                                                                                                                                                    0x00404a96
                                                                                                                                                                    0x00404c0e
                                                                                                                                                                    0x00404c0f
                                                                                                                                                                    0x00404c14
                                                                                                                                                                    0x00404a94
                                                                                                                                                                    0x00404a8d
                                                                                                                                                                    0x00404a88
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a81
                                                                                                                                                                    0x00404a78
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00404a78
                                                                                                                                                                    0x00404c15
                                                                                                                                                                    0x00404c1c
                                                                                                                                                                    0x00404c24

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00404A43
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 00404ACB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorH_prologLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1057991267-0
                                                                                                                                                                    • Opcode ID: 016ab45682909d473dd50c7f4f3b14331f85b592f4dc772c0e00c4b2ad38c5e7
                                                                                                                                                                    • Instruction ID: 397979b183d08822f23b565ee303c4952bc02ec102e27be1c48eee89bea9c2ad
                                                                                                                                                                    • Opcode Fuzzy Hash: 016ab45682909d473dd50c7f4f3b14331f85b592f4dc772c0e00c4b2ad38c5e7
                                                                                                                                                                    • Instruction Fuzzy Hash: 1E5105719441099ACF10EBA5C942AFEBB75AF91308F11017FE602731E1DB3DAE46CB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1352 408755-408778 call 413724 1355 40877a-408784 call 403a3d 1352->1355 1356 40879e-4087a1 1352->1356 1364 408791 1355->1364 1365 408786-40878f 1355->1365 1358 4087a3-4087ad call 403a3d 1356->1358 1359 4087f6-408807 call 4083ab 1356->1359 1367 4087ce 1358->1367 1368 4087af-4087cc 1358->1368 1366 40880c-408816 1359->1366 1369 408793-40879c call 4062e7 1364->1369 1365->1369 1370 408818-40881a 1366->1370 1371 40881e-408827 1366->1371 1374 4087d0-4087e6 call 4062e7 call 405a0f 1367->1374 1368->1374 1369->1359 1370->1371 1372 408829-40882b 1371->1372 1373 40882f-40883f 1371->1373 1372->1373 1381 4087f0-4087f3 1374->1381 1382 4087e8-4087ee GetLastError 1374->1382 1381->1359 1382->1366
                                                                                                                                                                    C-Code - Quality: 47%
                                                                                                                                                                    			E00408755(intOrPtr* __ecx) {
                                                                                                                                                                    				long _t34;
                                                                                                                                                                    				intOrPtr* _t35;
                                                                                                                                                                    				intOrPtr* _t36;
                                                                                                                                                                    				intOrPtr* _t40;
                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                    				long _t63;
                                                                                                                                                                    				intOrPtr* _t65;
                                                                                                                                                                    				void* _t66;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E004198C8, _t66);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_t60 = __ecx;
                                                                                                                                                                    				 *((intOrPtr*)(_t66 - 0x14)) = 0;
                                                                                                                                                                    				 *(_t66 - 4) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t66 - 0x10)) = 0;
                                                                                                                                                                    				 *(_t66 - 4) = 1;
                                                                                                                                                                    				if( *((intOrPtr*)(_t66 + 0x10)) == 0) {
                                                                                                                                                                    					if( *((intOrPtr*)(_t66 + 0x14)) != 0) {
                                                                                                                                                                    						goto L12;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_push(0x10);
                                                                                                                                                                    						_t40 = E00403A3D();
                                                                                                                                                                    						if(_t40 == 0) {
                                                                                                                                                                    							_t65 = 0;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							 *((intOrPtr*)(_t40 + 4)) = 0x41b5ec;
                                                                                                                                                                    							 *((intOrPtr*)(_t40 + 8)) = 0;
                                                                                                                                                                    							 *(_t40 + 0xc) =  *(_t40 + 0xc) | 0xffffffff;
                                                                                                                                                                    							 *_t40 = 0x41b49c;
                                                                                                                                                                    							 *((intOrPtr*)(_t40 + 4)) = 0x41b48c;
                                                                                                                                                                    							_t65 = _t40;
                                                                                                                                                                    						}
                                                                                                                                                                    						E004062E7(_t66 - 0x14, _t65);
                                                                                                                                                                    						if(E00405A0F( *((intOrPtr*)(_t60 + 4))) != 0) {
                                                                                                                                                                    							 *((intOrPtr*)(_t66 + 0x14)) =  *((intOrPtr*)(_t66 - 0x14));
                                                                                                                                                                    							goto L12;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t34 = GetLastError();
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_push(8);
                                                                                                                                                                    					_t44 = E00403A3D();
                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                    						_t44 = 0;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						 *((intOrPtr*)(_t44 + 4)) = 0;
                                                                                                                                                                    						 *_t44 = 0x41b608;
                                                                                                                                                                    					}
                                                                                                                                                                    					E004062E7(_t66 - 0x10, _t44);
                                                                                                                                                                    					L12:
                                                                                                                                                                    					_t34 = E004083AB(_t60,  *((intOrPtr*)(_t66 + 8)),  *((intOrPtr*)(_t66 + 0xc)),  *((intOrPtr*)(_t66 + 0x14)),  *((intOrPtr*)(_t66 - 0x10)),  *((intOrPtr*)(_t66 + 0x18))); // executed
                                                                                                                                                                    				}
                                                                                                                                                                    				_t63 = _t34;
                                                                                                                                                                    				_t35 =  *((intOrPtr*)(_t66 - 0x10));
                                                                                                                                                                    				 *(_t66 - 4) = 0;
                                                                                                                                                                    				if(_t35 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t35 + 8))(_t35);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t36 =  *((intOrPtr*)(_t66 - 0x14));
                                                                                                                                                                    				 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
                                                                                                                                                                    				if(_t36 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t36 + 8))(_t36);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t66 - 0xc));
                                                                                                                                                                    				return _t63;
                                                                                                                                                                    			}













                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040875A
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,00000000,?,?,0040893F,?,?,00000000,004149B4,?,?,?,00000000), ref: 004087E8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorH_prologLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1057991267-0
                                                                                                                                                                    • Opcode ID: 92c7889bff91ff3fffbde8b7c15bb877d45af5ababe25e906364ca0638d9baec
                                                                                                                                                                    • Instruction ID: 0128b321cd566d1ceb50e896689a501b942dab3b414a73cd3b5e456030195100
                                                                                                                                                                    • Opcode Fuzzy Hash: 92c7889bff91ff3fffbde8b7c15bb877d45af5ababe25e906364ca0638d9baec
                                                                                                                                                                    • Instruction Fuzzy Hash: EE317C719012499FCB10DF95CE849AEBBB0FF44314B24817FE496B7292CB388D40DB69
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0041468E(struct _SECURITY_ATTRIBUTES* _a4, long _a8, intOrPtr _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                                                                                                                                                    				void* _t18;
                                                                                                                                                                    				long _t25;
                                                                                                                                                                    				void* _t26;
                                                                                                                                                                    
                                                                                                                                                                    				_t25 = 0;
                                                                                                                                                                    				_t26 = E00416CCC(1, 0x74);
                                                                                                                                                                    				if(_t26 == 0) {
                                                                                                                                                                    					L3:
                                                                                                                                                                    					E00413D6F(_t26);
                                                                                                                                                                    					if(_t25 != 0) {
                                                                                                                                                                    						E00416C47(_t25);
                                                                                                                                                                    					}
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				E004152E0(_t26);
                                                                                                                                                                    				 *(_t26 + 4) =  *(_t26 + 4) | 0xffffffff;
                                                                                                                                                                    				 *((intOrPtr*)(_t26 + 0x48)) = _a12;
                                                                                                                                                                    				 *((intOrPtr*)(_t26 + 0x4c)) = _a16;
                                                                                                                                                                    				_t18 = CreateThread(_a4, _a8, E004146F9, _t26, _a20, _a24); // executed
                                                                                                                                                                    				if(_t18 == 0) {
                                                                                                                                                                    					_t25 = GetLastError();
                                                                                                                                                                    					goto L3;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t18;
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2
                                                                                                                                                                    • CreateThread.KERNELBASE ref: 004146CF
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocCreateErrorHeapLastThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3580101977-0
                                                                                                                                                                    • Opcode ID: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
                                                                                                                                                                    • Instruction ID: 928dc59a5e1d7113ba94efa25a55b36d47ae035f635b84aed830f8a2a3c61c12
                                                                                                                                                                    • Opcode Fuzzy Hash: 0374611688ca75c4551dea276e5d424cbadff3ac534dbe24837146ca9d20d13e
                                                                                                                                                                    • Instruction Fuzzy Hash: D6F02D362006156BCB209F66EC019DB3BA5EF81375F10402EF958C2290DF3DC8914BAC
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00405892(void** __ecx, void* __eflags, WCHAR* _a4, long _a8, long _a12, long _a16, long _a20) {
                                                                                                                                                                    				char _v16;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				void* _t15;
                                                                                                                                                                    				void* _t16;
                                                                                                                                                                    				void** _t30;
                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                    
                                                                                                                                                                    				_t30 = __ecx;
                                                                                                                                                                    				_t15 = E00405905(__ecx);
                                                                                                                                                                    				if(_t15 != 0) {
                                                                                                                                                                    					_t33 =  *0x423168; // 0x1
                                                                                                                                                                    					if(_t33 != 0) {
                                                                                                                                                                    						_t16 = CreateFileW(_a4, _a8, _a12, 0, _a16, _a20, 0); // executed
                                                                                                                                                                    						 *_t30 = _t16;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						 *_t30 = CreateFileA( *(E00403B85( &_v16, _a4)), _a8, _a12, 0, _a16, _a20, 0);
                                                                                                                                                                    						E00403A63(_v16);
                                                                                                                                                                    					}
                                                                                                                                                                    					return 0 |  *_t30 != 0xffffffff;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t15;
                                                                                                                                                                    			}










                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00405905: FindCloseChangeNotification.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910
                                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058EF
                                                                                                                                                                      • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                    • CreateFileA.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004058CB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFile$ChangeCloseFindH_prologNotification
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3273702577-0
                                                                                                                                                                    • Opcode ID: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
                                                                                                                                                                    • Instruction ID: 7cb04d8d1853a58e30318ad4c29bda14cf4b58fee7e46fc4002fe1391b6e6e2b
                                                                                                                                                                    • Opcode Fuzzy Hash: 34b674e9a04a5ff3e8c8923f5916708bcc46c4f31befc859c171c75614de22e6
                                                                                                                                                                    • Instruction Fuzzy Hash: 4F01287240020AFFCF11AFA4DC45C9B7F6AEF08364B10853AF991661A1D73699A1EF94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00403086(void* __ecx) {
                                                                                                                                                                    				intOrPtr* _t18;
                                                                                                                                                                    				void* _t31;
                                                                                                                                                                    				void* _t37;
                                                                                                                                                                    				void* _t39;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041904C, _t39);
                                                                                                                                                                    				_t37 = __ecx;
                                                                                                                                                                    				_t3 = __ecx + 0x74; // 0xc
                                                                                                                                                                    				E00401DAF(_t3,  *((intOrPtr*)(_t39 + 8)));
                                                                                                                                                                    				E004060E5(__ecx + 0x68, 0x1f4, 0); // executed
                                                                                                                                                                    				E00412FE0( *((intOrPtr*)( *((intOrPtr*)(_t39 + 0xc)))));
                                                                                                                                                                    				_t31 = 0x45;
                                                                                                                                                                    				_t18 = E00405ED1(_t31);
                                                                                                                                                                    				 *(_t39 - 4) =  *(_t39 - 4) & 0x00000000;
                                                                                                                                                                    				E00405EEB( *((intOrPtr*)(__ecx + 0x6c)),  *_t18);
                                                                                                                                                                    				E00403A63( *((intOrPtr*)(_t39 - 0x18)));
                                                                                                                                                                    				ShowWindow( *(_t37 + 0x6c), 1); // executed
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t39 - 0xc));
                                                                                                                                                                    				return 0;
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040308B
                                                                                                                                                                      • Part of subcall function 004060E5: __EH_prolog.LIBCMT ref: 004060EA
                                                                                                                                                                      • Part of subcall function 004060E5: DialogBoxParamW.USER32 ref: 00406112
                                                                                                                                                                      • Part of subcall function 00412FE0: WaitForSingleObject.KERNEL32(?,000000FF,004030BD,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 00412FE3
                                                                                                                                                                      • Part of subcall function 00405EEB: __EH_prolog.LIBCMT ref: 00405EF0
                                                                                                                                                                      • Part of subcall function 00405EEB: SetWindowTextW.USER32 ref: 00405F08
                                                                                                                                                                    • ShowWindow.USER32(004149B4,00000001,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 004030E4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog$Window$DialogObjectParamShowSingleTextWait
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3020418697-0
                                                                                                                                                                    • Opcode ID: f333b893d7b0a7824a2d2ad9e61fc26d389cf77f91d199b6f29e72894e0ab082
                                                                                                                                                                    • Instruction ID: 8eca8b59faf02432e7bec62545a0d37b36fcc82a8f60ea0d68fa8b76f20e6253
                                                                                                                                                                    • Opcode Fuzzy Hash: f333b893d7b0a7824a2d2ad9e61fc26d389cf77f91d199b6f29e72894e0ab082
                                                                                                                                                                    • Instruction Fuzzy Hash: B5014B31600605AFCB15EB25D852BAEBB61EB44318F00842EE4426A2E1CBB8AA55CA84
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00404965(WCHAR* __ecx, long __edx) {
                                                                                                                                                                    				char _v16;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				int _t8;
                                                                                                                                                                    				int _t18;
                                                                                                                                                                    
                                                                                                                                                                    				if( *0x423168 != 0) {
                                                                                                                                                                    					SetFileAttributesW(__ecx, __edx); // executed
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t8 = SetFileAttributesA( *(E00403B85( &_v16, __ecx)), __edx);
                                                                                                                                                                    					E00403A63(_v16);
                                                                                                                                                                    					_t18 = _t8;
                                                                                                                                                                    				}
                                                                                                                                                                    				if(_t18 == 0) {
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				}
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,00000000,?,00000003,?,00000000), ref: 0040499C
                                                                                                                                                                      • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                    • SetFileAttributesA.KERNEL32(?,00000000,?,00000003,?,00000000), ref: 00404985
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesFile$H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3790360811-0
                                                                                                                                                                    • Opcode ID: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
                                                                                                                                                                    • Instruction ID: f078d443d6654451da1bdd33dee3a4941b810ca2709c1c0422ffd448cadfd8b3
                                                                                                                                                                    • Opcode Fuzzy Hash: 5366c93646a32060bc4a1fe11ea500c12b8b92d1211a98e2b8e7846322785de3
                                                                                                                                                                    • Instruction Fuzzy Hash: 12E0E5B19002106BCB302B749C08AD73F6CCB82314B108177E816B72D0DA388E06C6D9
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004049F4(WCHAR* __ecx) {
                                                                                                                                                                    				char _v16;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				int _t8;
                                                                                                                                                                    				int _t18;
                                                                                                                                                                    
                                                                                                                                                                    				if( *0x423168 != 0) {
                                                                                                                                                                    					CreateDirectoryW(__ecx, 0); // executed
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t8 = CreateDirectoryA( *(E00403B85( &_v16, __ecx)), 0);
                                                                                                                                                                    					E00403A63(_v16);
                                                                                                                                                                    					_t18 = _t8;
                                                                                                                                                                    				}
                                                                                                                                                                    				if(_t18 == 0) {
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				}
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A2C
                                                                                                                                                                      • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectory$H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2325068607-0
                                                                                                                                                                    • Opcode ID: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
                                                                                                                                                                    • Instruction ID: e8b418caba4fa0c83fd0f6cce2293bab18ef6c4fa53c548cc4c0ebfda5fe1645
                                                                                                                                                                    • Opcode Fuzzy Hash: a1e0d02f5bfc64bfc09281de4819c2c8931d1b3daee1640bd6a36795e0d5f738
                                                                                                                                                                    • Instruction Fuzzy Hash: 3CE0E570B002006BDB206B64AC05B977B68CB41709F104176E902F71D0DA78DE01DA9C
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004157C8(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                    				void* _t6;
                                                                                                                                                                    				intOrPtr _t8;
                                                                                                                                                                    				void* _t9;
                                                                                                                                                                    				void* _t10;
                                                                                                                                                                    				void* _t12;
                                                                                                                                                                    
                                                                                                                                                                    				_t12 = __ecx;
                                                                                                                                                                    				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                    				_t15 = _t6;
                                                                                                                                                                    				 *0x425a54 = _t6;
                                                                                                                                                                    				if(_t6 == 0) {
                                                                                                                                                                    					L7:
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t8 = E00415680(_t12, _t15);
                                                                                                                                                                    					 *0x425a58 = _t8;
                                                                                                                                                                    					if(_t8 != 3) {
                                                                                                                                                                    						__eflags = _t8 - 2;
                                                                                                                                                                    						if(_t8 != 2) {
                                                                                                                                                                    							goto L8;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t10 = E0041636C();
                                                                                                                                                                    							goto L5;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t10 = E00415825(0x3f8);
                                                                                                                                                                    						L5:
                                                                                                                                                                    						if(_t10 != 0) {
                                                                                                                                                                    							L8:
                                                                                                                                                                    							_t9 = 1;
                                                                                                                                                                    							return _t9;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							HeapDestroy( *0x425a54);
                                                                                                                                                                    							goto L7;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    			}









                                                                                                                                                                    APIs
                                                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,00414932,00000001), ref: 004157D9
                                                                                                                                                                      • Part of subcall function 00415680: GetVersionExA.KERNEL32 ref: 0041569F
                                                                                                                                                                    • HeapDestroy.KERNEL32 ref: 00415818
                                                                                                                                                                      • Part of subcall function 00415825: HeapAlloc.KERNEL32(00000000,00000140,00415801,000003F8), ref: 00415832
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2507506473-0
                                                                                                                                                                    • Opcode ID: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
                                                                                                                                                                    • Instruction ID: ed3d0d0d9fb025b00032fbfed5580f0a7fafafb3549905f7ec75d8b7e0a93aa3
                                                                                                                                                                    • Opcode Fuzzy Hash: 0d18dfc85a1640e6673d81f03e6c6359104a03ea7de3319d0e450716895a192f
                                                                                                                                                                    • Instruction Fuzzy Hash: 6CF06530A54B01EEDF207B706C867EA2B90EB84795F60483BF401D81A0EB7884D1D659
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                                    			E00405970(void** __ecx, long _a4, long _a8, long _a12, long* _a16) {
                                                                                                                                                                    				long _v8;
                                                                                                                                                                    				long _v12;
                                                                                                                                                                    				long _t12;
                                                                                                                                                                    				long _t13;
                                                                                                                                                                    				long* _t14;
                                                                                                                                                                    
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_t12 = _a4;
                                                                                                                                                                    				_v8 = _a8;
                                                                                                                                                                    				_v12 = _t12;
                                                                                                                                                                    				_t13 = SetFilePointer( *__ecx, _t12,  &_v8, _a12); // executed
                                                                                                                                                                    				_v12 = _t13;
                                                                                                                                                                    				if(_t13 != 0xffffffff || GetLastError() == 0) {
                                                                                                                                                                    					_t14 = _a16;
                                                                                                                                                                    					 *_t14 = _v12;
                                                                                                                                                                    					_t14[1] = _v8;
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    			}









                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040598B
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 00405999
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                    • Opcode ID: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
                                                                                                                                                                    • Instruction ID: b27308c8a3af6e3091502473baf333c9532b4c6e1f366657fcb3ad1a7c3590d9
                                                                                                                                                                    • Opcode Fuzzy Hash: 4eb004f5f0e538f15da8fb4a4b1192dc0e26d9ca4b62000b247bbe798b79ae76
                                                                                                                                                                    • Instruction Fuzzy Hash: 93F0B7B4500208EFDF04CF94D9458AE7BB5EF49364B208169F815E7390D7359E00DFA9
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                    			E00404F2C(WCHAR* __ecx) {
                                                                                                                                                                    				char _v16;
                                                                                                                                                                    				void* __ebp;
                                                                                                                                                                    				signed int _t5;
                                                                                                                                                                    				int _t9;
                                                                                                                                                                    				signed int _t12;
                                                                                                                                                                    
                                                                                                                                                                    				if( *0x423168 != 0) {
                                                                                                                                                                    					_t5 = SetCurrentDirectoryW(__ecx); // executed
                                                                                                                                                                    					asm("sbb eax, eax");
                                                                                                                                                                    					return  ~( ~_t5);
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_push(_t12);
                                                                                                                                                                    					_t9 = SetCurrentDirectoryA( *(E00403B85( &_v16, __ecx)));
                                                                                                                                                                    					E00403A63(_v16);
                                                                                                                                                                    					return _t12 & 0xffffff00 | _t9 != 0x00000000;
                                                                                                                                                                    				}
                                                                                                                                                                    			}









                                                                                                                                                                    APIs
                                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,?,00000000), ref: 00404F62
                                                                                                                                                                      • Part of subcall function 00403B85: __EH_prolog.LIBCMT ref: 00403B8A
                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,00000000,?,00000000), ref: 00404F48
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentDirectory$H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3531555294-0
                                                                                                                                                                    • Opcode ID: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
                                                                                                                                                                    • Instruction ID: 9edf083e53dd0555a3085cbe496080ff7240eda39e21aa363a26468641b3ea5b
                                                                                                                                                                    • Opcode Fuzzy Hash: 37bd0973ac103fd303293487a19168a5ccebfcf95a8c4f288a103cb7951a30b5
                                                                                                                                                                    • Instruction Fuzzy Hash: 75E02630B400093FDF112F78EC4A9AA3BB89B40309F10427AB403E20E1EF38CA48CA48
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00412FB0(void** __ecx) {
                                                                                                                                                                    				void* _t1;
                                                                                                                                                                    				int _t3;
                                                                                                                                                                    				long _t4;
                                                                                                                                                                    				intOrPtr* _t7;
                                                                                                                                                                    
                                                                                                                                                                    				_t7 = __ecx;
                                                                                                                                                                    				_t1 =  *__ecx;
                                                                                                                                                                    				if(_t1 == 0) {
                                                                                                                                                                    					L4:
                                                                                                                                                                    					 *_t7 = 0;
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t3 = FindCloseChangeNotification(_t1); // executed
                                                                                                                                                                    				if(_t3 != 0) {
                                                                                                                                                                    					goto L4;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t4 = GetLastError();
                                                                                                                                                                    				if(_t4 != 0) {
                                                                                                                                                                    					return _t4;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				}
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,00000000,0040301E,?,?,00000000,00000003,?,00000000,?,?,00000003,00000000,00000000), ref: 00412FBA
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000003,00000000,00000000), ref: 00412FC4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1687624791-0
                                                                                                                                                                    • Opcode ID: b5098685d33c3cc67ebfad07f634e68468c0e4b8d996f080fdfb64641eb0d31e
                                                                                                                                                                    • Instruction ID: d44e1f3e4cad726ea3e92c5486a9195669633c0610289be4ff3fe3302eef999b
                                                                                                                                                                    • Opcode Fuzzy Hash: b5098685d33c3cc67ebfad07f634e68468c0e4b8d996f080fdfb64641eb0d31e
                                                                                                                                                                    • Instruction Fuzzy Hash: 12D09E3161411547EB705F79B90C7D72AE8AF08750F15446AF451D3240FBA8CCD25699
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                    			E0040B98F(signed char __edx) {
                                                                                                                                                                    				signed int _t287;
                                                                                                                                                                    				signed char _t289;
                                                                                                                                                                    				signed int _t291;
                                                                                                                                                                    				signed char _t292;
                                                                                                                                                                    				signed char _t295;
                                                                                                                                                                    				signed char _t305;
                                                                                                                                                                    				intOrPtr _t307;
                                                                                                                                                                    				signed char _t308;
                                                                                                                                                                    				signed char _t314;
                                                                                                                                                                    				intOrPtr _t315;
                                                                                                                                                                    				signed char _t323;
                                                                                                                                                                    				signed char _t325;
                                                                                                                                                                    				signed char _t329;
                                                                                                                                                                    				signed char _t330;
                                                                                                                                                                    				signed char _t334;
                                                                                                                                                                    				signed char _t335;
                                                                                                                                                                    				signed char _t340;
                                                                                                                                                                    				signed char _t345;
                                                                                                                                                                    				signed char _t349;
                                                                                                                                                                    				signed char _t351;
                                                                                                                                                                    				signed char _t352;
                                                                                                                                                                    				signed char _t356;
                                                                                                                                                                    				signed char _t368;
                                                                                                                                                                    				signed char _t372;
                                                                                                                                                                    				signed int _t380;
                                                                                                                                                                    				intOrPtr _t388;
                                                                                                                                                                    				intOrPtr _t397;
                                                                                                                                                                    				signed char _t401;
                                                                                                                                                                    				signed char _t407;
                                                                                                                                                                    				signed char _t408;
                                                                                                                                                                    				intOrPtr _t410;
                                                                                                                                                                    				intOrPtr _t475;
                                                                                                                                                                    				signed char _t485;
                                                                                                                                                                    				signed int _t488;
                                                                                                                                                                    				signed char _t489;
                                                                                                                                                                    				intOrPtr* _t490;
                                                                                                                                                                    				signed int _t492;
                                                                                                                                                                    				intOrPtr _t498;
                                                                                                                                                                    				signed int _t501;
                                                                                                                                                                    				signed int _t502;
                                                                                                                                                                    				void* _t503;
                                                                                                                                                                    				signed char _t506;
                                                                                                                                                                    				signed int _t508;
                                                                                                                                                                    				intOrPtr _t509;
                                                                                                                                                                    				void* _t510;
                                                                                                                                                                    				void* _t512;
                                                                                                                                                                    
                                                                                                                                                                    				_t485 = __edx;
                                                                                                                                                                    				_t287 = E00413724(E0041A04A, _t510);
                                                                                                                                                                    				_t407 = 0;
                                                                                                                                                                    				 *(_t510 - 4) = 0;
                                                                                                                                                                    				 *((char*)(_t510 - 0x4c)) = _t287 & 0xffffff00 |  *(_t510 + 0x14) != 0x00000000;
                                                                                                                                                                    				_t289 =  *(_t510 + 0x18);
                                                                                                                                                                    				 *((intOrPtr*)(_t510 - 0x10)) = _t512 - 0x124;
                                                                                                                                                                    				 *(_t510 + 0x18) = _t289;
                                                                                                                                                                    				if(_t289 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t289 + 4))(_t289);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t510 - 4) = 1;
                                                                                                                                                                    				 *(_t510 - 0x1c) = _t407;
                                                                                                                                                                    				 *(_t510 - 0x18) = _t407;
                                                                                                                                                                    				 *((char*)(_t510 + 0x17)) =  *(_t510 + 0x10) == 0xffffffff;
                                                                                                                                                                    				if( *((char*)(_t510 + 0x17)) != 0) {
                                                                                                                                                                    					 *(_t510 + 0x10) =  *( *(_t510 + 8) + 0x7c);
                                                                                                                                                                    				}
                                                                                                                                                                    				if( *(_t510 + 0x10) != _t407) {
                                                                                                                                                                    					E00402172(_t510 - 0x30);
                                                                                                                                                                    					 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    					_t291 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    					 *(_t510 - 4) = 2;
                                                                                                                                                                    					 *(_t510 - 0x34) = 0;
                                                                                                                                                                    					while(1) {
                                                                                                                                                                    						__eflags = _t291 -  *(_t510 + 0x10);
                                                                                                                                                                    						if(_t291 >=  *(_t510 + 0x10)) {
                                                                                                                                                                    							break;
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags =  *((char*)(_t510 + 0x17));
                                                                                                                                                                    						if( *((char*)(_t510 + 0x17)) == 0) {
                                                                                                                                                                    							_t291 =  *( *(_t510 + 0xc) + _t291 * 4);
                                                                                                                                                                    						}
                                                                                                                                                                    						_t496 =  *(_t510 + 8);
                                                                                                                                                                    						 *(_t510 - 0x38) = _t291;
                                                                                                                                                                    						_t508 =  *( *((intOrPtr*)( *(_t510 + 8) + 0x1c8)) + _t291 * 4);
                                                                                                                                                                    						__eflags = _t508 - 0xffffffff;
                                                                                                                                                                    						if(_t508 != 0xffffffff) {
                                                                                                                                                                    							_t380 =  *(_t510 - 0x28);
                                                                                                                                                                    							__eflags = _t380 - _t407;
                                                                                                                                                                    							if(_t380 == _t407) {
                                                                                                                                                                    								L16:
                                                                                                                                                                    								 *(_t510 - 0x7c) =  *(_t510 - 0x7c) | 0xffffffff;
                                                                                                                                                                    								 *(_t510 - 0x78) = _t508;
                                                                                                                                                                    								E0040C1BE(_t510 - 0x74);
                                                                                                                                                                    								 *(_t510 - 0x5c) = _t407;
                                                                                                                                                                    								 *(_t510 - 0x58) = _t407;
                                                                                                                                                                    								_push(_t510 - 0x7c);
                                                                                                                                                                    								 *(_t510 - 4) = 5;
                                                                                                                                                                    								E0040C233(_t510 - 0x30);
                                                                                                                                                                    								 *(_t510 - 4) = 2;
                                                                                                                                                                    								E00404320(_t510 - 0x74);
                                                                                                                                                                    								_t475 = E0040C047( *((intOrPtr*)( *((intOrPtr*)(_t496 + 0x58)) + _t508 * 4)));
								_t67 = _t510 - 0x1c;
								 *_t67 =  *(_t510 - 0x1c) + _t475;
								__eflags =  *_t67;
								_t388 =  *((intOrPtr*)( *((intOrPtr*)(_t510 - 0x24)) +  *(_t510 - 0x28) * 4 - 4));
								asm("adc [ebp-0x18], edx");
								 *((intOrPtr*)(_t388 + 0x20)) = _t475;
								 *(_t388 + 0x24) = _t485;
								L17:
								_t498 =  *((intOrPtr*)( *((intOrPtr*)(_t510 - 0x24)) +  *(_t510 - 0x28) * 4 - 4));
								_t410 =  *((intOrPtr*)( *((intOrPtr*)( *(_t510 + 8) + 0x1b4)) + _t508 * 4));
								_t509 =  *((intOrPtr*)(_t498 + 0x10));
								while(1) {
									_t393 =  *(_t510 - 0x38) - _t410;
									__eflags = _t509 -  *(_t510 - 0x38) - _t410;
									if(_t509 >  *(_t510 - 0x38) - _t410) {
										goto L13;
									}
									_t87 = _t498 + 8; // 0xa
									E0040C1D9(_t87, _t393 & 0xffffff00 | __eflags == 0x00000000);
									_t509 = _t509 + 1;
								}
								goto L13;
							}
							_t397 =  *((intOrPtr*)( *((intOrPtr*)(_t510 - 0x24)) + _t380 * 4 - 4));
							__eflags = _t508 -  *((intOrPtr*)(_t397 + 4));
							if(_t508 ==  *((intOrPtr*)(_t397 + 4))) {
								goto L17;
							}
							goto L16;
						} else {
							_push(_t508);
							_push(_t291);
							_push(E0040C0D4(_t510 - 0x130));
							 *(_t510 - 4) = 3;
							E0040C233(_t510 - 0x30);
							 *(_t510 - 4) = 2;
							E00404320(_t510 - 0x128);
							L13:
							_t291 =  *(_t510 - 0x34) + 1;
							_t407 = 0;
							 *(_t510 - 0x34) = _t291;
							continue;
						}
					}
					_t292 =  *(_t510 + 0x18);
					__eflags =  *((intOrPtr*)( *_t292 + 0xc))(_t292,  *(_t510 - 0x1c),  *(_t510 - 0x18)) - _t407;
					if(__eflags == 0) {
						E0040AA56(_t510 - 0x108, __eflags, 1);
						_push(0x38);
						 *(_t510 - 4) = 7;
						 *(_t510 - 0x40) = _t407;
						 *(_t510 - 0x3c) = _t407;
						 *(_t510 - 0x1c) = _t407;
						 *(_t510 - 0x18) = _t407;
						_t295 = E00403A3D();
						 *(_t510 + 0x10) = _t295;
						__eflags = _t295 - _t407;
						 *(_t510 - 4) = 8;
						if(_t295 == _t407) {
							_t501 = 0;
							__eflags = 0;
						} else {
							_t501 = E00407176(_t295);
						}
						_t488 = _t501;
						__eflags = _t501 - _t407;
						 *(_t510 - 4) = 7;
						 *(_t510 - 0x38) = _t488;
						 *(_t510 - 0x14) = _t501;
						if(_t501 != _t407) {
							 *((intOrPtr*)( *_t501 + 4))(_t501);
						}
						_push(_t407);
						 *(_t510 - 4) = 9;
						E00407209(_t501,  *(_t510 + 0x18));
						_t502 = 0;
						__eflags = 0;
						 *(_t510 + 0x14) = 0;
						while(1) {
							 *(_t488 + 0x28) =  *(_t510 - 0x1c);
							 *(_t488 + 0x2c) =  *(_t510 - 0x18);
							 *(_t488 + 0x20) =  *(_t510 - 0x40);
							 *(_t488 + 0x24) =  *(_t510 - 0x3c);
							_t489 = E004072E5(_t488);
							__eflags = _t489 - _t407;
							if(_t489 != _t407) {
								break;
							}
							__eflags = _t502 -  *(_t510 - 0x28);
							if(_t502 <  *(_t510 - 0x28)) {
								_push(0x38);
								 *(_t510 - 0x48) = _t407;
								 *(_t510 - 0x44) = _t407;
								_t490 =  *((intOrPtr*)( *((intOrPtr*)(_t510 - 0x24)) + _t502 * 4));
								 *((intOrPtr*)(_t510 - 0x54)) =  *((intOrPtr*)(_t490 + 0x20));
								 *((intOrPtr*)(_t510 - 0x50)) =  *((intOrPtr*)(_t490 + 0x24));
								_t305 = E00403A3D();
								 *(_t510 + 0xc) = _t305;
								__eflags = _t305 - _t407;
								 *(_t510 - 4) = 0xb;
								if(_t305 == _t407) {
									_t408 = 0;
									__eflags = 0;
								} else {
									_t408 = E0040C3AE(_t305);
								}
								__eflags = _t408;
								 *(_t510 - 0x34) = _t408;
								 *(_t510 - 4) = 9;
								 *(_t510 + 0x10) = _t408;
								if(_t408 != 0) {
									 *((intOrPtr*)( *_t408 + 4))(_t408);
								}
								 *(_t510 - 4) = 0xc;
								_t503 =  *(_t510 + 8) + 0x10;
								_t307 =  *_t490;
								__eflags = _t307 - 0xffffffff;
								if(_t307 == 0xffffffff) {
									_t307 =  *((intOrPtr*)( *((intOrPtr*)(_t503 + 0x1a4)) +  *(_t490 + 4) * 4));
								}
								__eflags =  *( *(_t510 + 8) + 0x1e0);
								_t173 = _t490 + 8; // 0x8
								_t308 = E0040C50E(_t408, _t503, 0, _t307, _t173,  *(_t510 + 0x18),  *((intOrPtr*)(_t510 - 0x4c)),  *(_t510 + 8) & 0xffffff00 |  *( *(_t510 + 8) + 0x1e0) != 0x00000000);
								__eflags = _t308;
								 *(_t510 + 0xc) = _t308;
								if(_t308 == 0) {
									__eflags =  *_t490 - 0xffffffff;
									if( *_t490 == 0xffffffff) {
										_t492 =  *(_t490 + 4) << 2;
										 *(_t510 + 0xc) =  *( *((intOrPtr*)(_t503 + 0x48)) + _t492);
										 *(_t510 - 0x48) = E0040C093(_t503,  *(_t490 + 4));
										 *(_t510 - 0x44) = _t485;
										 *(_t510 - 4) = 0xe;
										_t485 =  *( *((intOrPtr*)(_t503 + 0x17c)) + ( *( *((intOrPtr*)(_t503 + 0x190)) + _t492) << 3) + 4);
										asm("adc edx, [esi+0x14c]");
										_t314 = E0040AB05(_t510 - 0x108, __eflags,  *((intOrPtr*)( *(_t510 + 8) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t503 + 0x17c)) + ( *( *((intOrPtr*)(_t503 + 0x190)) + _t492) << 3))) +  *((intOrPtr*)(_t503 + 0x148)), _t485,  *((intOrPtr*)(_t503 + 0xc)) + ( *( *((intOrPtr*)(_t503 + 0x190)) + _t492) << 3),  *(_t510 + 0xc),  *(_t510 + 0x10),  *(_t510 - 0x14)); // executed
										_t506 = _t314;
										__eflags = _t506 - 1;
										if(_t506 != 1) {
											__eflags = _t506 - 0x80004001;
											if(_t506 != 0x80004001) {
												__eflags = _t506;
												if(_t506 == 0) {
													_t315 =  *((intOrPtr*)(_t408 + 0x18));
													__eflags =  *((intOrPtr*)(_t408 + 0x28)) -  *((intOrPtr*)(_t315 + 8));
													if( *((intOrPtr*)(_t408 + 0x28)) ==  *((intOrPtr*)(_t315 + 8))) {
														 *(_t510 - 4) = 9;
														E0040A594(_t510 + 0x10);
														L91:
														 *(_t510 + 0x14) =  *(_t510 + 0x14) + 1;
														 *(_t510 - 0x1c) =  *(_t510 - 0x1c) +  *((intOrPtr*)(_t510 - 0x54));
														_t488 =  *(_t510 - 0x38);
														_t502 =  *(_t510 + 0x14);
														asm("adc [ebp-0x18], eax");
														 *(_t510 - 0x40) =  *(_t510 - 0x40) +  *(_t510 - 0x48);
														asm("adc [ebp-0x3c], eax");
														_t407 = 0;
														continue;
													}
													_t506 = E0040C820(_t408, _t510, 2);
													_t323 =  *(_t510 + 0x10);
													__eflags = _t506;
													 *(_t510 - 4) = 9;
													if(_t506 == 0) {
														L86:
														__eflags = _t323;
														if(_t323 != 0) {
															 *((intOrPtr*)( *_t323 + 8))(_t323);
														}
														 *(_t510 - 4) = 9;
														goto L91;
													}
													__eflags = _t323;
													if(_t323 != 0) {
														 *((intOrPtr*)( *_t323 + 8))(_t323);
													}
													_t325 =  *(_t510 - 0x14);
													 *(_t510 - 4) = 7;
													__eflags = _t325;
													if(__eflags != 0) {
														 *((intOrPtr*)( *_t325 + 8))(_t325);
                                                                                                                                                                    													}
                                                                                                                                                                    													 *(_t510 - 4) = 2;
                                                                                                                                                                    													E0040C146(_t510 - 0x108, __eflags);
                                                                                                                                                                    													 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    													 *(_t510 - 4) = 0x12;
                                                                                                                                                                    													L82:
                                                                                                                                                                    													E00404349();
                                                                                                                                                                    													 *(_t510 - 4) = 1;
                                                                                                                                                                    													E00404320(_t510 - 0x30);
                                                                                                                                                                    													_t329 =  *(_t510 + 0x18);
                                                                                                                                                                    													 *(_t510 - 4) =  *(_t510 - 4) & 0x00000000;
                                                                                                                                                                    													__eflags = _t329;
                                                                                                                                                                    													L83:
                                                                                                                                                                    													if(__eflags != 0) {
                                                                                                                                                                    														 *((intOrPtr*)( *_t329 + 8))(_t329);
                                                                                                                                                                    													}
                                                                                                                                                                    													_t330 = _t506;
                                                                                                                                                                    													goto L92;
                                                                                                                                                                    												}
                                                                                                                                                                    												_t334 =  *(_t510 + 0x10);
                                                                                                                                                                    												 *(_t510 - 4) = 9;
                                                                                                                                                                    												__eflags = _t334;
                                                                                                                                                                    												if(_t334 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t334 + 8))(_t334);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t335 =  *(_t510 - 0x14);
                                                                                                                                                                    												 *(_t510 - 4) = 7;
                                                                                                                                                                    												__eflags = _t335;
                                                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t335 + 8))(_t335);
                                                                                                                                                                    												}
                                                                                                                                                                    												 *(_t510 - 4) = 2;
                                                                                                                                                                    												E0040C146(_t510 - 0x108, __eflags);
                                                                                                                                                                    												 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    												 *(_t510 - 4) = 0x11;
                                                                                                                                                                    												goto L82;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t506 = E0040C820(_t408, _t510, 1);
                                                                                                                                                                    											_t323 =  *(_t510 + 0x10);
                                                                                                                                                                    											__eflags = _t506;
                                                                                                                                                                    											 *(_t510 - 4) = 9;
                                                                                                                                                                    											if(_t506 == 0) {
                                                                                                                                                                    												goto L86;
                                                                                                                                                                    											}
                                                                                                                                                                    											__eflags = _t323;
                                                                                                                                                                    											if(_t323 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t323 + 8))(_t323);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t340 =  *(_t510 - 0x14);
                                                                                                                                                                    											 *(_t510 - 4) = 7;
                                                                                                                                                                    											__eflags = _t340;
                                                                                                                                                                    											if(__eflags != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t340 + 8))(_t340);
                                                                                                                                                                    											}
                                                                                                                                                                    											 *(_t510 - 4) = 2;
                                                                                                                                                                    											E0040C146(_t510 - 0x108, __eflags);
                                                                                                                                                                    											 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    											 *(_t510 - 4) = 0x10;
                                                                                                                                                                    											goto L82;
                                                                                                                                                                    										}
                                                                                                                                                                    										_t506 = E0040C820(_t408, _t510, 2);
                                                                                                                                                                    										_t323 =  *(_t510 + 0x10);
                                                                                                                                                                    										__eflags = _t506;
                                                                                                                                                                    										 *(_t510 - 4) = 9;
                                                                                                                                                                    										if(_t506 == 0) {
                                                                                                                                                                    											goto L86;
                                                                                                                                                                    										}
                                                                                                                                                                    										__eflags = _t323;
                                                                                                                                                                    										if(_t323 != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t323 + 8))(_t323);
                                                                                                                                                                    										}
                                                                                                                                                                    										_t345 =  *(_t510 - 0x14);
                                                                                                                                                                    										 *(_t510 - 4) = 7;
                                                                                                                                                                    										__eflags = _t345;
                                                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t345 + 8))(_t345);
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t510 - 4) = 2;
                                                                                                                                                                    										E0040C146(_t510 - 0x108, __eflags);
                                                                                                                                                                    										 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    										 *(_t510 - 4) = 0xf;
                                                                                                                                                                    										goto L82;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t349 =  *(_t510 + 0x10);
                                                                                                                                                                    									 *(_t510 - 4) = 9;
                                                                                                                                                                    									__eflags = _t349;
                                                                                                                                                                    									if(_t349 != 0) {
                                                                                                                                                                    										 *((intOrPtr*)( *_t349 + 8))(_t349);
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L91;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t351 =  *(_t510 + 0x10);
                                                                                                                                                                    									 *(_t510 - 4) = 9;
                                                                                                                                                                    									__eflags = _t351;
                                                                                                                                                                    									if(_t351 != 0) {
                                                                                                                                                                    										 *((intOrPtr*)( *_t351 + 8))(_t351);
                                                                                                                                                                    									}
                                                                                                                                                                    									_t352 =  *(_t510 - 0x14);
                                                                                                                                                                    									 *(_t510 - 4) = 7;
                                                                                                                                                                    									__eflags = _t352;
                                                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                                                    										 *((intOrPtr*)( *_t352 + 8))(_t352);
                                                                                                                                                                    									}
                                                                                                                                                                    									 *(_t510 - 4) = 2;
                                                                                                                                                                    									E0040C146(_t510 - 0x108, __eflags);
                                                                                                                                                                    									 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    									 *(_t510 - 4) = 0xd;
                                                                                                                                                                    									E00404349();
                                                                                                                                                                    									 *(_t510 - 4) = 1;
                                                                                                                                                                    									E00404320(_t510 - 0x30);
                                                                                                                                                                    									_t356 =  *(_t510 + 0x18);
                                                                                                                                                                    									 *(_t510 - 4) =  *(_t510 - 4) & 0x00000000;
                                                                                                                                                                    									__eflags = _t356;
                                                                                                                                                                    									if(_t356 != 0) {
                                                                                                                                                                    										 *((intOrPtr*)( *_t356 + 8))(_t356);
                                                                                                                                                                    									}
                                                                                                                                                                    									_t330 =  *(_t510 + 0xc);
                                                                                                                                                                    									goto L92;
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t510 - 4) = 7;
                                                                                                                                                                    							E0040A594(_t510 - 0x14);
                                                                                                                                                                    							 *(_t510 - 4) = 2;
                                                                                                                                                                    							E0040C146(_t510 - 0x108, __eflags); // executed
                                                                                                                                                                    							 *(_t510 - 4) = 1;
                                                                                                                                                                    							E0040C1FB(_t510 - 0x30);
                                                                                                                                                                    							_t144 = _t510 - 4;
                                                                                                                                                                    							 *_t144 =  *(_t510 - 4) & 0x00000000;
                                                                                                                                                                    							__eflags =  *_t144;
                                                                                                                                                                    							E0040A594(_t510 + 0x18);
                                                                                                                                                                    							goto L36;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t368 =  *(_t510 - 0x14);
                                                                                                                                                                    						 *(_t510 - 4) = 7;
                                                                                                                                                                    						__eflags = _t368 - _t407;
                                                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t368 + 8))(_t368);
                                                                                                                                                                    						}
                                                                                                                                                                    						 *(_t510 - 4) = 2;
                                                                                                                                                                    						E0040C146(_t510 - 0x108, __eflags);
                                                                                                                                                                    						 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    						 *(_t510 - 4) = 0xa;
                                                                                                                                                                    						E00404349();
                                                                                                                                                                    						 *(_t510 - 4) = 1;
                                                                                                                                                                    						E00404320(_t510 - 0x30);
                                                                                                                                                                    						_t372 =  *(_t510 + 0x18);
                                                                                                                                                                    						 *(_t510 - 4) =  *(_t510 - 4) & 0x00000000;
                                                                                                                                                                    						__eflags = _t372 - _t407;
                                                                                                                                                                    						if(_t372 != _t407) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t372 + 8))(_t372);
                                                                                                                                                                    						}
                                                                                                                                                                    						_t330 = _t489;
                                                                                                                                                                    						goto L92;
                                                                                                                                                                    					}
                                                                                                                                                                    					 *((intOrPtr*)(_t510 - 0x30)) = 0x41b74c;
                                                                                                                                                                    					 *(_t510 - 4) = 6;
                                                                                                                                                                    					E00404349();
                                                                                                                                                                    					 *(_t510 - 4) = 1;
                                                                                                                                                                    					E00404320(_t510 - 0x30);
                                                                                                                                                                    					_t329 =  *(_t510 + 0x18);
                                                                                                                                                                    					 *(_t510 - 4) =  *(_t510 - 4) & 0x00000000;
                                                                                                                                                                    					__eflags = _t329 - _t407;
                                                                                                                                                                    					goto L83;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t401 =  *(_t510 + 0x18);
                                                                                                                                                                    					 *(_t510 - 4) =  *(_t510 - 4) & 0x00000000;
                                                                                                                                                                    					if(_t401 != _t407) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t401 + 8))(_t401);
                                                                                                                                                                    					}
                                                                                                                                                                    					L36:
                                                                                                                                                                    					_t330 = 0;
                                                                                                                                                                    					L92:
                                                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t510 - 0xc));
                                                                                                                                                                    					return _t330;
                                                                                                                                                                    				}
                                                                                                                                                                    			}
                                                                                                                                                                    0x0040bcd3
                                                                                                                                                                    0x0040bcde
                                                                                                                                                                    0x0040bcde
                                                                                                                                                                    0x0040bce4
                                                                                                                                                                    0x0040bcef
                                                                                                                                                                    0x0040bcff
                                                                                                                                                                    0x0040bd04
                                                                                                                                                                    0x0040bd06
                                                                                                                                                                    0x0040bd09
                                                                                                                                                                    0x0040bd74
                                                                                                                                                                    0x0040bd77
                                                                                                                                                                    0x0040bd9c
                                                                                                                                                                    0x0040bda2
                                                                                                                                                                    0x0040bdac
                                                                                                                                                                    0x0040bdb8
                                                                                                                                                                    0x0040bdd6
                                                                                                                                                                    0x0040bde0
                                                                                                                                                                    0x0040bde4
                                                                                                                                                                    0x0040bdf9
                                                                                                                                                                    0x0040bdfe
                                                                                                                                                                    0x0040be00
                                                                                                                                                                    0x0040be03
                                                                                                                                                                    0x0040be59
                                                                                                                                                                    0x0040be5f
                                                                                                                                                                    0x0040beb5
                                                                                                                                                                    0x0040beb7
                                                                                                                                                                    0x0040bef7
                                                                                                                                                                    0x0040befd
                                                                                                                                                                    0x0040bf00
                                                                                                                                                                    0x0040bf8d
                                                                                                                                                                    0x0040bffe
                                                                                                                                                                    0x0040c003
                                                                                                                                                                    0x0040c006
                                                                                                                                                                    0x0040c009
                                                                                                                                                                    0x0040c00f
                                                                                                                                                                    0x0040c012
                                                                                                                                                                    0x0040c015
                                                                                                                                                                    0x0040c01b
                                                                                                                                                                    0x0040c021
                                                                                                                                                                    0x0040c024
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040c024
                                                                                                                                                                    0x0040bf0f
                                                                                                                                                                    0x0040bf11
                                                                                                                                                                    0x0040bf14
                                                                                                                                                                    0x0040bf16
                                                                                                                                                                    0x0040bf1a
                                                                                                                                                                    0x0040bf7d
                                                                                                                                                                    0x0040bf7d
                                                                                                                                                                    0x0040bf7f
                                                                                                                                                                    0x0040bf84
                                                                                                                                                                    0x0040bf84
                                                                                                                                                                    0x0040bf87
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040bf87
                                                                                                                                                                    0x0040bf1c
                                                                                                                                                                    0x0040bf1e
                                                                                                                                                                    0x0040bf23
                                                                                                                                                                    0x0040bf23
                                                                                                                                                                    0x0040bf26
                                                                                                                                                                    0x0040bf29
                                                                                                                                                                    0x0040bf2d
                                                                                                                                                                    0x0040bf2f
                                                                                                                                                                    0x0040bf34
                                                                                                                                                                    0x0040bf34
                                                                                                                                                                    0x0040bf3d
                                                                                                                                                                    0x0040bf41
                                                                                                                                                                    0x0040bf46
                                                                                                                                                                    0x0040bf4d
                                                                                                                                                                    0x0040bf51
                                                                                                                                                                    0x0040bf54
                                                                                                                                                                    0x0040bf5c
                                                                                                                                                                    0x0040bf60
                                                                                                                                                                    0x0040bf65
                                                                                                                                                                    0x0040bf68
                                                                                                                                                                    0x0040bf6c
                                                                                                                                                                    0x0040bf6e
                                                                                                                                                                    0x0040bf6e
                                                                                                                                                                    0x0040bf73
                                                                                                                                                                    0x0040bf73
                                                                                                                                                                    0x0040bf76
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040bf76
                                                                                                                                                                    0x0040beb9
                                                                                                                                                                    0x0040bebc
                                                                                                                                                                    0x0040bec0
                                                                                                                                                                    0x0040bec2
                                                                                                                                                                    0x0040bec7
                                                                                                                                                                    0x0040bec7
                                                                                                                                                                    0x0040beca
                                                                                                                                                                    0x0040becd
                                                                                                                                                                    0x0040bed1
                                                                                                                                                                    0x0040bed3
                                                                                                                                                                    0x0040bed8
                                                                                                                                                                    0x0040bed8
                                                                                                                                                                    0x0040bee1
                                                                                                                                                                    0x0040bee5
                                                                                                                                                                    0x0040beea
                                                                                                                                                                    0x0040bef1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040bef1
                                                                                                                                                                    0x0040be6a
                                                                                                                                                                    0x0040be6c
                                                                                                                                                                    0x0040be6f
                                                                                                                                                                    0x0040be71
                                                                                                                                                                    0x0040be75
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040be7b
                                                                                                                                                                    0x0040be7d
                                                                                                                                                                    0x0040be82
                                                                                                                                                                    0x0040be82
                                                                                                                                                                    0x0040be85
                                                                                                                                                                    0x0040be88
                                                                                                                                                                    0x0040be8c
                                                                                                                                                                    0x0040be8e
                                                                                                                                                                    0x0040be93
                                                                                                                                                                    0x0040be93
                                                                                                                                                                    0x0040be9c
                                                                                                                                                                    0x0040bea0
                                                                                                                                                                    0x0040bea5
                                                                                                                                                                    0x0040beac
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040beac
                                                                                                                                                                    0x0040be0e
                                                                                                                                                                    0x0040be10
                                                                                                                                                                    0x0040be13
                                                                                                                                                                    0x0040be15
                                                                                                                                                                    0x0040be19
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040be1f
                                                                                                                                                                    0x0040be21
                                                                                                                                                                    0x0040be26
                                                                                                                                                                    0x0040be26
                                                                                                                                                                    0x0040be29
                                                                                                                                                                    0x0040be2c
                                                                                                                                                                    0x0040be30
                                                                                                                                                                    0x0040be32
                                                                                                                                                                    0x0040be37
                                                                                                                                                                    0x0040be37
                                                                                                                                                                    0x0040be40
                                                                                                                                                                    0x0040be44
                                                                                                                                                                    0x0040be49
                                                                                                                                                                    0x0040be50
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040be50
                                                                                                                                                                    0x0040bd79
                                                                                                                                                                    0x0040bd7c
                                                                                                                                                                    0x0040bd80
                                                                                                                                                                    0x0040bd82
                                                                                                                                                                    0x0040bd8b
                                                                                                                                                                    0x0040bd8b
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040bd0b
                                                                                                                                                                    0x0040bd0b
                                                                                                                                                                    0x0040bd0e
                                                                                                                                                                    0x0040bd12
                                                                                                                                                                    0x0040bd14

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: b371859bdd47b9dc3252955b0f45c47297e54a09621846059a226dfbca1782fe
                                                                                                                                                                    • Instruction ID: 4fbed39282daa38b1d3be95d0829f5567439209fdd6a1d56e89862dfcbe45c3a
                                                                                                                                                                    • Opcode Fuzzy Hash: b371859bdd47b9dc3252955b0f45c47297e54a09621846059a226dfbca1782fe
                                                                                                                                                                    • Instruction Fuzzy Hash: 05324B70904249DFDB10DFA8C584BDEBBB0AF58304F1441AEE845B7382DB78AE45CB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                    			E0040EB99(void* __ecx, signed int __edx) {
                                                                                                                                                                    				signed int _t296;
                                                                                                                                                                    				signed int _t307;
                                                                                                                                                                    				signed int _t311;
                                                                                                                                                                    				void* _t313;
                                                                                                                                                                    				signed int _t322;
                                                                                                                                                                    				signed int* _t324;
                                                                                                                                                                    				intOrPtr _t326;
                                                                                                                                                                    				intOrPtr _t329;
                                                                                                                                                                    				signed int _t334;
                                                                                                                                                                    				signed int _t373;
                                                                                                                                                                    				signed int _t380;
                                                                                                                                                                    				intOrPtr* _t383;
                                                                                                                                                                    				intOrPtr* _t384;
                                                                                                                                                                    				void* _t391;
                                                                                                                                                                    				intOrPtr _t396;
                                                                                                                                                                    				signed int _t407;
                                                                                                                                                                    				signed int _t408;
                                                                                                                                                                    				signed int _t409;
                                                                                                                                                                    				signed int* _t413;
                                                                                                                                                                    				signed int _t415;
                                                                                                                                                                    				signed int _t417;
                                                                                                                                                                    				signed int _t447;
                                                                                                                                                                    				signed int _t448;
                                                                                                                                                                    				signed int _t449;
                                                                                                                                                                    				void* _t460;
                                                                                                                                                                    				signed int _t461;
                                                                                                                                                                    				signed int _t464;
                                                                                                                                                                    				void* _t466;
                                                                                                                                                                    
                                                                                                                                                                    				_t447 = __edx;
                                                                                                                                                                    				E00413724(E0041A5A8, _t466);
                                                                                                                                                                    				_t460 = __ecx;
                                                                                                                                                                    				_t296 = E0040D9CB( *((intOrPtr*)(__ecx + 0x18)), __edx);
                                                                                                                                                                    				_t464 =  *(_t466 + 8);
                                                                                                                                                                    				 *(_t466 - 0x18) = _t296;
                                                                                                                                                                    				 *(_t466 - 0x14) = __edx;
                                                                                                                                                                    				if(_t296 != 2) {
                                                                                                                                                                    					_t380 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t380 = 0;
                                                                                                                                                                    					if(__edx == 0) {
                                                                                                                                                                    						E0040DDAE(__ecx, __edx, _t464 + 0x130);
                                                                                                                                                                    						 *(_t466 - 0x18) = E0040D9CB( *((intOrPtr*)(_t460 + 0x18)), __edx);
                                                                                                                                                                    						 *(_t466 - 0x14) = __edx;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				E00402172(_t466 - 0x48);
                                                                                                                                                                    				 *((intOrPtr*)(_t466 - 0x48)) = 0x41b840;
                                                                                                                                                                    				 *(_t466 - 4) = _t380;
                                                                                                                                                                    				if( *(_t466 - 0x18) != 3) {
                                                                                                                                                                    					L9:
                                                                                                                                                                    					E00403291(_t466 - 0xd0, 8);
                                                                                                                                                                    					 *((intOrPtr*)(_t466 - 0xd0)) = 0x41b69c;
                                                                                                                                                                    					E00403291(_t466 - 0xbc, 1);
                                                                                                                                                                    					 *((intOrPtr*)(_t466 - 0xbc)) = 0x41b754;
                                                                                                                                                                    					E00403291(_t466 - 0x98, 4);
                                                                                                                                                                    					 *((intOrPtr*)(_t466 - 0x98)) = 0x41b68c;
                                                                                                                                                                    					__eflags =  *(_t466 - 0x18) - 4;
                                                                                                                                                                    					 *(_t466 - 4) = 4;
                                                                                                                                                                    					if( *(_t466 - 0x18) != 4) {
                                                                                                                                                                    						L12:
                                                                                                                                                                    						__eflags =  *((intOrPtr*)(_t464 + 0x44)) - _t380;
                                                                                                                                                                    						 *(_t466 + 8) = _t380;
                                                                                                                                                                    						if( *((intOrPtr*)(_t464 + 0x44)) <= _t380) {
                                                                                                                                                                    							L15:
                                                                                                                                                                    							_t391 = _t464 + 0x64;
                                                                                                                                                                    							E00404349();
                                                                                                                                                                    							__eflags =  *(_t466 - 0x18) |  *(_t466 - 0x14);
                                                                                                                                                                    							if(( *(_t466 - 0x18) |  *(_t466 - 0x14)) != 0) {
                                                                                                                                                                    								__eflags =  *(_t466 - 0x18) - 5;
                                                                                                                                                                    								if( *(_t466 - 0x18) != 5) {
                                                                                                                                                                    									L20:
                                                                                                                                                                    									E0040D91E(_t391);
                                                                                                                                                                    									L21:
                                                                                                                                                                    									 *(_t466 + 8) = E0040DA67(_t447);
                                                                                                                                                                    									E0040439A(_t464 + 0x64, _t305);
                                                                                                                                                                    									_t307 =  *(_t466 + 8);
                                                                                                                                                                    									__eflags = _t307 - _t380;
                                                                                                                                                                    									if(_t307 <= _t380) {
                                                                                                                                                                    										L24:
                                                                                                                                                                    										E00409898(_t464 + 0x158, 9, _t380);
                                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t464 + 8)) - _t380;
                                                                                                                                                                    										if( *((intOrPtr*)(_t464 + 8)) != _t380) {
                                                                                                                                                                    											E00409898(_t464 + 0x158, 6, _t380);
                                                                                                                                                                    										}
                                                                                                                                                                    										__eflags =  *(_t466 + 8) - _t380;
                                                                                                                                                                    										if( *(_t466 + 8) > _t380) {
                                                                                                                                                                    											__eflags =  *((intOrPtr*)(_t466 - 0x90)) - _t380;
                                                                                                                                                                    											if( *((intOrPtr*)(_t466 - 0x90)) != _t380) {
                                                                                                                                                                    												E00409898(_t464 + 0x158, 0xa, _t380);
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t466 - 0x58) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x54) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x50) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x4c) = 1;
                                                                                                                                                                    										 *((intOrPtr*)(_t466 - 0x5c)) = 0x41b754;
                                                                                                                                                                    										_t448 =  *(_t466 + 8);
                                                                                                                                                                    										 *(_t466 - 4) = 7;
                                                                                                                                                                    										E0040D7D0(_t466 - 0x5c, _t448);
                                                                                                                                                                    										_t396 = 1;
                                                                                                                                                                    										 *(_t466 - 0x80) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x7c) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x78) = _t380;
                                                                                                                                                                    										 *((intOrPtr*)(_t466 - 0x74)) = _t396;
                                                                                                                                                                    										 *((intOrPtr*)(_t466 - 0x84)) = 0x41b754;
                                                                                                                                                                    										 *(_t466 - 0x6c) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x68) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x64) = _t380;
                                                                                                                                                                    										 *((intOrPtr*)(_t466 - 0x60)) = _t396;
                                                                                                                                                                    										 *((intOrPtr*)(_t466 - 0x70)) = 0x41b754;
                                                                                                                                                                    										 *(_t466 - 4) = 9;
                                                                                                                                                                    										 *(_t466 - 0x10) = _t380;
                                                                                                                                                                    										while(1) {
                                                                                                                                                                    											_t311 = E0040D9CB( *((intOrPtr*)(_t460 + 0x18)), _t448);
                                                                                                                                                                    											 *(_t466 - 0x34) = _t311;
                                                                                                                                                                    											__eflags = _t311 | _t448;
                                                                                                                                                                    											 *(_t466 - 0x30) = _t448;
                                                                                                                                                                    											if((_t311 | _t448) == 0) {
                                                                                                                                                                    												break;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t326 = E0040D9CB( *((intOrPtr*)(_t460 + 0x18)), _t448);
                                                                                                                                                                    											_t419 =  *((intOrPtr*)(_t460 + 0x18));
                                                                                                                                                                    											__eflags =  *(_t466 - 0x30) - _t380;
                                                                                                                                                                    											 *((intOrPtr*)(_t466 - 0x2c)) = _t326;
                                                                                                                                                                    											 *(_t466 - 0x28) = _t448;
                                                                                                                                                                    											 *(_t466 - 0x1c) =  *( *((intOrPtr*)(_t460 + 0x18)) + 8);
                                                                                                                                                                    											if(__eflags > 0) {
                                                                                                                                                                    												L68:
                                                                                                                                                                    												E0040D98D(_t419,  *((intOrPtr*)(_t466 - 0x2c)), _t448);
                                                                                                                                                                    												L69:
                                                                                                                                                                    												__eflags =  *((char*)(_t464 + 0x130));
                                                                                                                                                                    												if( *((char*)(_t464 + 0x130)) > 0) {
                                                                                                                                                                    													L71:
                                                                                                                                                                    													_t329 =  *((intOrPtr*)(_t460 + 0x18));
                                                                                                                                                                    													__eflags =  *((intOrPtr*)(_t329 + 8)) -  *(_t466 - 0x1c) -  *((intOrPtr*)(_t466 - 0x2c));
                                                                                                                                                                    													if( *((intOrPtr*)(_t329 + 8)) -  *(_t466 - 0x1c) !=  *((intOrPtr*)(_t466 - 0x2c))) {
                                                                                                                                                                    														L73:
                                                                                                                                                                    														E0040D91E(_t419);
                                                                                                                                                                    														continue;
                                                                                                                                                                    													}
                                                                                                                                                                    													__eflags = _t380 -  *(_t466 - 0x28);
                                                                                                                                                                    													if(_t380 ==  *(_t466 - 0x28)) {
                                                                                                                                                                    														continue;
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L73;
                                                                                                                                                                    												}
                                                                                                                                                                    												__eflags =  *((char*)(_t464 + 0x131)) - 2;
                                                                                                                                                                    												if( *((char*)(_t464 + 0x131)) <= 2) {
                                                                                                                                                                    													continue;
                                                                                                                                                                    												}
                                                                                                                                                                    												goto L71;
                                                                                                                                                                    											}
                                                                                                                                                                    											if(__eflags < 0) {
                                                                                                                                                                    												L34:
                                                                                                                                                                    												_t334 =  *(_t466 - 0x34) + 0xfffffff2;
                                                                                                                                                                    												__eflags = _t334 - 0xb;
                                                                                                                                                                    												if(__eflags > 0) {
                                                                                                                                                                    													goto L68;
                                                                                                                                                                    												}
                                                                                                                                                                    												switch( *((intOrPtr*)(_t334 * 4 +  &M0040F27F))) {
                                                                                                                                                                    													case 0:
                                                                                                                                                                    														__eax = __ebp - 0x5c;
                                                                                                                                                                    														__ecx = __edi;
                                                                                                                                                                    														__eax = E0040E6D1(__edi,  *(__ebp + 8), __ebp - 0x5c);
                                                                                                                                                                    														__eax =  *(__ebp - 0x54);
                                                                                                                                                                    														__ecx = 0;
                                                                                                                                                                    														__eflags = __eax - __ebx;
                                                                                                                                                                    														if(__eax <= __ebx) {
                                                                                                                                                                    															L50:
                                                                                                                                                                    															__edx =  *(__ebp - 0x10);
                                                                                                                                                                    															__ecx = __ebp - 0x84;
                                                                                                                                                                    															__eax = E0040D7D0(__ebp - 0x84,  *(__ebp - 0x10));
                                                                                                                                                                    															__edx =  *(__ebp - 0x10);
                                                                                                                                                                    															__ecx = __ebp - 0x70;
                                                                                                                                                                    															__eax = E0040D7D0(__ecx,  *(__ebp - 0x10));
                                                                                                                                                                    															goto L45;
                                                                                                                                                                    														} else {
                                                                                                                                                                    															goto L47;
                                                                                                                                                                    														}
                                                                                                                                                                    														do {
                                                                                                                                                                    															L47:
                                                                                                                                                                    															__edx =  *(__ebp - 0x50);
                                                                                                                                                                    															__eflags =  *((char*)(__edx + __ecx));
                                                                                                                                                                    															if( *((char*)(__edx + __ecx)) != 0) {
                                                                                                                                                                    																_t184 = __ebp - 0x10;
                                                                                                                                                                    																 *_t184 =  *(__ebp - 0x10) + 1;
                                                                                                                                                                    																__eflags =  *_t184;
                                                                                                                                                                    															}
                                                                                                                                                                    															__ecx = __ecx + 1;
                                                                                                                                                                    															__eflags = __ecx - __eax;
                                                                                                                                                                    														} while (__ecx < __eax);
                                                                                                                                                                    														goto L50;
                                                                                                                                                                    													case 1:
                                                                                                                                                                    														__eax = __ebp - 0x84;
                                                                                                                                                                    														goto L53;
                                                                                                                                                                    													case 2:
                                                                                                                                                                    														__eax = __ebp - 0x70;
                                                                                                                                                                    														L53:
                                                                                                                                                                    														__ecx = __edi;
                                                                                                                                                                    														__eax = E0040E6D1(__ecx,  *(__ebp - 0x10), __eax);
                                                                                                                                                                    														goto L45;
                                                                                                                                                                    													case 3:
                                                                                                                                                                    														 *(_t466 - 0xa4) =  *(_t466 - 0xa4) & 0x00000000;
                                                                                                                                                                    														 *(_t466 - 4) = 0xa;
                                                                                                                                                                    														E0040D8CF(_t466 - 0xa8, __eflags, _t460, _t466 - 0x48);
                                                                                                                                                                    														__eflags =  *(_t464 + 0x6c);
                                                                                                                                                                    														if( *(_t464 + 0x6c) <= 0) {
                                                                                                                                                                    															L38:
                                                                                                                                                                    															 *(_t466 - 4) = 9;
                                                                                                                                                                    															E0040D80B(_t466 - 0xa8);
                                                                                                                                                                    															goto L44;
                                                                                                                                                                    														} else {
                                                                                                                                                                    															goto L37;
                                                                                                                                                                    														}
                                                                                                                                                                    														do {
                                                                                                                                                                    															L37:
                                                                                                                                                                    															E0040DACE( *((intOrPtr*)(_t460 + 0x18)),  *((intOrPtr*)( *((intOrPtr*)(_t464 + 0x70)) + _t380 * 4)) + 0x10);
                                                                                                                                                                    															_t380 = _t380 + 1;
                                                                                                                                                                    															__eflags = _t380 -  *(_t464 + 0x6c);
                                                                                                                                                                    														} while (_t380 <  *(_t464 + 0x6c));
                                                                                                                                                                    														goto L38;
                                                                                                                                                                    													case 4:
                                                                                                                                                                    														_push( *(__ebp + 8));
                                                                                                                                                                    														__eax = __esi + 0x78;
                                                                                                                                                                    														goto L58;
                                                                                                                                                                    													case 5:
                                                                                                                                                                    														_push( *(__ebp + 8));
                                                                                                                                                                    														__eax = __esi + 0xa0;
                                                                                                                                                                    														goto L58;
                                                                                                                                                                    													case 6:
                                                                                                                                                                    														_push( *(__ebp + 8));
                                                                                                                                                                    														__eax = __esi + 0xc8;
                                                                                                                                                                    														goto L58;
                                                                                                                                                                    													case 7:
                                                                                                                                                                    														 *(__ebp - 0xe0) = __ebx;
                                                                                                                                                                    														 *(__ebp - 0xdc) = __ebx;
                                                                                                                                                                    														 *(__ebp - 0xd8) = __ebx;
                                                                                                                                                                    														 *(__ebp - 0xd4) = 1;
                                                                                                                                                                    														 *((intOrPtr*)(__ebp - 0xe4)) = 0x41b754;
                                                                                                                                                                    														__eax =  *(__esi + 0x6c);
                                                                                                                                                                    														__ecx = __ebp - 0xe4;
                                                                                                                                                                    														__ecx = __edi;
                                                                                                                                                                    														 *((char*)(__ebp - 4)) = 0xb;
                                                                                                                                                                    														__eax = E0040E725(__edi, __eflags,  *(__esi + 0x6c), __ebp - 0xe4);
                                                                                                                                                                    														 *(__ebp - 0x9c) =  *(__ebp - 0x9c) & 0x00000000;
                                                                                                                                                                    														__eax = __ebp - 0x48;
                                                                                                                                                                    														__ecx = __ebp - 0xa0;
                                                                                                                                                                    														 *((char*)(__ebp - 4)) = 0xc;
                                                                                                                                                                    														__eax = E0040D8CF(__ebp - 0xa0, __eflags, __edi, __ebp - 0x48);
                                                                                                                                                                    														__eflags =  *(__ebp + 8);
                                                                                                                                                                    														if( *(__ebp + 8) <= 0) {
                                                                                                                                                                    															L43:
                                                                                                                                                                    															__ecx = __ebp - 0xa0;
                                                                                                                                                                    															 *((char*)(__ebp - 4)) = 0xb;
                                                                                                                                                                    															__eax = E0040D80B(__ebp - 0xa0);
                                                                                                                                                                    															__ecx = __ebp - 0xe4;
                                                                                                                                                                    															 *((char*)(__ebp - 4)) = 9;
                                                                                                                                                                    															__eax = E00404320(__ecx);
                                                                                                                                                                    															L44:
                                                                                                                                                                    															_t380 = 0;
                                                                                                                                                                    															__eflags = 0;
                                                                                                                                                                    															goto L45;
                                                                                                                                                                    														} else {
                                                                                                                                                                    															goto L40;
                                                                                                                                                                    														}
                                                                                                                                                                    														do {
                                                                                                                                                                    															L40:
                                                                                                                                                                    															__eax =  *(__esi + 0x70);
                                                                                                                                                                    															__ecx =  *((intOrPtr*)( *(__esi + 0x70) + __ebx * 4));
                                                                                                                                                                    															__eax =  *(__ebp - 0xd8);
                                                                                                                                                                    															 *((intOrPtr*)(__ebp - 0x14)) = __ecx;
                                                                                                                                                                    															__al =  *((intOrPtr*)( *(__ebp - 0xd8) + __ebx));
                                                                                                                                                                    															__eflags = __al;
                                                                                                                                                                    															 *((char*)(__ecx + 0x1f)) = __al;
                                                                                                                                                                    															if(__al != 0) {
                                                                                                                                                                    																__ecx =  *((intOrPtr*)(__edi + 0x18));
                                                                                                                                                                    																__eax = E0040DA84( *((intOrPtr*)(__edi + 0x18)));
                                                                                                                                                                    																__ecx =  *((intOrPtr*)(__ebp - 0x14));
                                                                                                                                                                    																 *( *((intOrPtr*)(__ebp - 0x14)) + 8) = __eax;
                                                                                                                                                                    															}
                                                                                                                                                                    															__ebx = __ebx + 1;
                                                                                                                                                                    															__eflags = __ebx -  *(__ebp + 8);
                                                                                                                                                                    														} while (__ebx <  *(__ebp + 8));
                                                                                                                                                                    														goto L43;
                                                                                                                                                                    													case 8:
                                                                                                                                                                    														goto L68;
                                                                                                                                                                    													case 9:
                                                                                                                                                                    														_push( *(__ebp + 8));
                                                                                                                                                                    														__eax = __esi + 0xf0;
                                                                                                                                                                    														L58:
                                                                                                                                                                    														_push(__eax);
                                                                                                                                                                    														__eax = __ebp - 0x48;
                                                                                                                                                                    														_push(__ebp - 0x48);
                                                                                                                                                                    														__ecx = __edi;
                                                                                                                                                                    														__eax = E0040E770(__ecx, __eflags);
                                                                                                                                                                    														L45:
                                                                                                                                                                    														_t419 = _t464 + 0x158;
                                                                                                                                                                    														E00409898(_t464 + 0x158,  *(_t466 - 0x34),  *(_t466 - 0x30));
                                                                                                                                                                    														goto L69;
                                                                                                                                                                    													case 0xa:
                                                                                                                                                                    														__eflags = __edx - __ebx;
                                                                                                                                                                    														 *(__ebp - 0x24) = __ebx;
                                                                                                                                                                    														 *(__ebp - 0x20) = __ebx;
                                                                                                                                                                    														if(__eflags < 0) {
                                                                                                                                                                    															goto L69;
                                                                                                                                                                    														}
                                                                                                                                                                    														if(__eflags > 0) {
                                                                                                                                                                    															goto L62;
                                                                                                                                                                    															do {
                                                                                                                                                                    																do {
                                                                                                                                                                    																	L62:
                                                                                                                                                                    																	__ecx =  *((intOrPtr*)(__edi + 0x18));
                                                                                                                                                                    																	__eax = E0040D936(__ecx);
                                                                                                                                                                    																	__eflags = __al;
                                                                                                                                                                    																	if(__al != 0) {
                                                                                                                                                                    																		__eax = E0040D91E(__ecx);
                                                                                                                                                                    																	}
                                                                                                                                                                    																	 *(__ebp - 0x24) =  *(__ebp - 0x24) + 1;
                                                                                                                                                                    																	asm("adc [ebp-0x20], ebx");
                                                                                                                                                                    																	__eax =  *(__ebp - 0x20);
                                                                                                                                                                    																	__eflags =  *(__ebp - 0x20) -  *((intOrPtr*)(__ebp - 0x28));
                                                                                                                                                                    																} while (__eflags < 0);
                                                                                                                                                                    																if(__eflags > 0) {
                                                                                                                                                                    																	goto L69;
                                                                                                                                                                    																}
                                                                                                                                                                    																__eax =  *(__ebp - 0x2c);
                                                                                                                                                                    																__eflags =  *(__ebp - 0x24) -  *(__ebp - 0x2c);
                                                                                                                                                                    															} while ( *(__ebp - 0x24) <  *(__ebp - 0x2c));
                                                                                                                                                                    															goto L69;
                                                                                                                                                                    														}
                                                                                                                                                                    														__eflags =  *(__ebp - 0x2c) - __ebx;
                                                                                                                                                                    														if( *(__ebp - 0x2c) <= __ebx) {
                                                                                                                                                                    															goto L69;
                                                                                                                                                                    														}
                                                                                                                                                                    														goto L62;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    											__eflags =  *(_t466 - 0x34) - 0x40000000;
                                                                                                                                                                    											if( *(_t466 - 0x34) > 0x40000000) {
                                                                                                                                                                    												goto L68;
                                                                                                                                                                    											}
                                                                                                                                                                    											goto L34;
                                                                                                                                                                    										}
                                                                                                                                                                    										_t313 = 0;
                                                                                                                                                                    										__eflags =  *(_t466 - 0x10) - _t380;
                                                                                                                                                                    										 *(_t466 - 0x14) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x20) = _t380;
                                                                                                                                                                    										 *(_t466 - 0x1c) = _t380;
                                                                                                                                                                    										if( *(_t466 - 0x10) <= _t380) {
                                                                                                                                                                    											L78:
                                                                                                                                                                    											_t461 = 0;
                                                                                                                                                                    											__eflags =  *(_t466 + 8) - _t380;
                                                                                                                                                                    											if( *(_t466 + 8) <= _t380) {
                                                                                                                                                                    												L85:
                                                                                                                                                                    												 *(_t466 - 4) = 8;
                                                                                                                                                                    												E00404320(_t466 - 0x70);
                                                                                                                                                                    												 *(_t466 - 4) = 7;
                                                                                                                                                                    												E00404320(_t466 - 0x84);
                                                                                                                                                                    												 *(_t466 - 4) = 4;
                                                                                                                                                                    												E00404320(_t466 - 0x5c);
                                                                                                                                                                    												 *(_t466 - 4) = 3;
                                                                                                                                                                    												E00404320(_t466 - 0x98);
                                                                                                                                                                    												 *(_t466 - 4) = 2;
                                                                                                                                                                    												E00404320(_t466 - 0xbc);
                                                                                                                                                                    												 *(_t466 - 4) =  *(_t466 - 4) & 0x00000000;
                                                                                                                                                                    												E00404320(_t466 - 0xd0);
                                                                                                                                                                    												 *((intOrPtr*)(_t466 - 0x48)) = 0x41b840;
                                                                                                                                                                    												 *(_t466 - 4) = 0xd;
                                                                                                                                                                    												E00404349();
                                                                                                                                                                    												 *(_t466 - 4) =  *(_t466 - 4) | 0xffffffff;
                                                                                                                                                                    												E00404320(_t466 - 0x48);
                                                                                                                                                                    												_t322 = 0;
                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                    												goto L86;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												goto L79;
                                                                                                                                                                    											}
                                                                                                                                                                    											do {
                                                                                                                                                                    												L79:
                                                                                                                                                                    												_t407 =  *(_t466 - 0x50);
                                                                                                                                                                    												__eflags =  *((char*)(_t407 + _t461));
                                                                                                                                                                    												_t324 =  *( *((intOrPtr*)(_t464 + 0x70)) + _t461 * 4);
                                                                                                                                                                    												_t408 = _t407 & 0xffffff00 |  *((char*)(_t407 + _t461)) == 0x00000000;
                                                                                                                                                                    												__eflags = _t408;
                                                                                                                                                                    												_t324[7] = _t408;
                                                                                                                                                                    												if(_t408 == 0) {
                                                                                                                                                                    													_t449 =  *(_t466 - 0x78);
                                                                                                                                                                    													_t409 =  *(_t466 - 0x14);
                                                                                                                                                                    													__eflags =  *((char*)(_t449 + _t409));
                                                                                                                                                                    													_t324[7] = _t449 & 0xffffff00 |  *((char*)(_t449 + _t409)) == 0x00000000;
                                                                                                                                                                    													_t265 =  &(_t324[7]);
                                                                                                                                                                    													 *_t265 = _t324[7] & 0x00000000;
                                                                                                                                                                    													__eflags =  *_t265;
                                                                                                                                                                    													 *_t324 = _t380;
                                                                                                                                                                    													 *(_t466 - 0x10) =  *((intOrPtr*)( *(_t466 - 0x64) + _t409));
                                                                                                                                                                    													 *(_t466 - 0x14) = _t409 + 1;
                                                                                                                                                                    													_t324[1] = _t380;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													_t324[7] = _t324[7] & 0x00000000;
                                                                                                                                                                    													 *(_t466 - 0x10) =  *(_t466 - 0x10) & 0x00000000;
                                                                                                                                                                    													_t413 =  *((intOrPtr*)(_t466 - 0xc4)) +  *(_t466 - 0x20) * 8;
                                                                                                                                                                    													 *_t324 =  *_t413;
                                                                                                                                                                    													_t324[1] = _t413[1];
                                                                                                                                                                    													_t415 =  *(_t466 - 0x20);
                                                                                                                                                                    													_t324[3] =  *( *((intOrPtr*)(_t466 - 0x8c)) + _t415 * 4);
                                                                                                                                                                    													_t324[7] =  *((intOrPtr*)( *((intOrPtr*)(_t466 - 0xb0)) + _t415));
                                                                                                                                                                    													 *(_t466 - 0x20) = _t415 + 1;
                                                                                                                                                                    												}
                                                                                                                                                                    												__eflags =  *(_t466 - 0x1c) - _t380;
                                                                                                                                                                    												if( *(_t466 - 0x1c) != _t380) {
                                                                                                                                                                    													E0040C1D9(_t464 + 0x118,  *(_t466 - 0x10));
                                                                                                                                                                    												}
                                                                                                                                                                    												_t461 = _t461 + 1;
                                                                                                                                                                    												__eflags = _t461 -  *(_t466 + 8);
                                                                                                                                                                    											} while (_t461 <  *(_t466 + 8));
                                                                                                                                                                    											goto L85;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											goto L75;
                                                                                                                                                                    										}
                                                                                                                                                                    										do {
                                                                                                                                                                    											L75:
                                                                                                                                                                    											_t417 =  *(_t466 - 0x64);
                                                                                                                                                                    											__eflags =  *((char*)(_t417 + _t313));
                                                                                                                                                                    											if( *((char*)(_t417 + _t313)) != 0) {
                                                                                                                                                                    												_t226 = _t466 - 0x1c;
                                                                                                                                                                    												 *_t226 =  *(_t466 - 0x1c) + 1;
                                                                                                                                                                    												__eflags =  *_t226;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t313 = _t313 + 1;
                                                                                                                                                                    											__eflags = _t313 -  *(_t466 - 0x10);
                                                                                                                                                                    										} while (_t313 <  *(_t466 - 0x10));
                                                                                                                                                                    										goto L78;
                                                                                                                                                                    									}
                                                                                                                                                                    									 *(_t466 - 0x1c) = _t307;
                                                                                                                                                                    									do {
                                                                                                                                                                    										_push(E0040F2AF(_t466 - 0xf0));
                                                                                                                                                                    										 *(_t466 - 4) = 6;
                                                                                                                                                                    										E0040F7B7(_t464 + 0x64);
                                                                                                                                                                    										 *(_t466 - 4) = 4;
                                                                                                                                                                    										E00403A63( *((intOrPtr*)(_t466 - 0xe0)));
                                                                                                                                                                    										_t92 = _t466 - 0x1c;
                                                                                                                                                                    										 *_t92 =  *(_t466 - 0x1c) - 1;
                                                                                                                                                                    										__eflags =  *_t92;
                                                                                                                                                                    									} while ( *_t92 != 0);
                                                                                                                                                                    									goto L24;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags =  *(_t466 - 0x14) - _t380;
                                                                                                                                                                    								if( *(_t466 - 0x14) == _t380) {
                                                                                                                                                                    									goto L21;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L20;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t466 - 4) = 3;
                                                                                                                                                                    							E00404320(_t466 - 0x98);
                                                                                                                                                                    							 *(_t466 - 4) = 2;
                                                                                                                                                                    							E00404320(_t466 - 0xbc);
                                                                                                                                                                    							_t71 = _t466 - 4;
                                                                                                                                                                    							 *_t71 =  *(_t466 - 4) & 0x00000000;
                                                                                                                                                                    							__eflags =  *_t71;
                                                                                                                                                                    							E00404320(_t466 - 0xd0);
                                                                                                                                                                    							 *((intOrPtr*)(_t466 - 0x48)) = 0x41b840;
                                                                                                                                                                    							 *(_t466 - 4) = 5;
                                                                                                                                                                    							goto L17;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L13;
                                                                                                                                                                    						}
                                                                                                                                                                    						do {
                                                                                                                                                                    							L13:
                                                                                                                                                                    							E0040A528(_t464 + 0x50, 1);
                                                                                                                                                                    							E00409898(_t466 - 0xd0, E0040C047( *((intOrPtr*)( *((intOrPtr*)(_t464 + 0x48)) +  *(_t466 + 8) * 4))), _t447);
                                                                                                                                                                    							E0040C1D9(_t466 - 0xbc,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t464 + 0x48)) +  *(_t466 + 8) * 4)) + 0x54)));
                                                                                                                                                                    							E0040A528(_t466 - 0x98,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t464 + 0x48)) +  *(_t466 + 8) * 4)) + 0x50)));
                                                                                                                                                                    							 *(_t466 + 8) =  *(_t466 + 8) + 1;
                                                                                                                                                                    							__eflags =  *(_t466 + 8) -  *((intOrPtr*)(_t464 + 0x44));
                                                                                                                                                                    						} while ( *(_t466 + 8) <  *((intOrPtr*)(_t464 + 0x44)));
                                                                                                                                                                    						L14:
                                                                                                                                                                    						_t380 = 0;
                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                    						goto L15;
                                                                                                                                                                    					}
                                                                                                                                                                    					__eflags =  *(_t466 - 0x14) - _t380;
                                                                                                                                                                    					if( *(_t466 - 0x14) != _t380) {
                                                                                                                                                                    						goto L12;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t383 = _t464 + 0x148;
                                                                                                                                                                    					E0040E654(_t460, _t447, _t466 - 0x48, _t383, _t464, _t464 + 0x14, _t464 + 0x28, _t464 + 0x3c, _t464 + 0x50, _t466 - 0xd0, _t466 - 0xbc, _t466 - 0x98); // executed
                                                                                                                                                                    					 *_t383 =  *_t383 +  *((intOrPtr*)(_t464 + 0x140));
                                                                                                                                                                    					asm("adc [ebx+0x4], ecx");
                                                                                                                                                                    					 *(_t466 - 0x18) = E0040D9CB( *((intOrPtr*)(_t460 + 0x18)), _t447);
                                                                                                                                                                    					 *(_t466 - 0x14) = _t447;
                                                                                                                                                                    					goto L14;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t474 =  *(_t466 - 0x14) - _t380;
                                                                                                                                                                    					if( *(_t466 - 0x14) != _t380) {
                                                                                                                                                                    						goto L9;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t384 = _t464 + 0x150;
                                                                                                                                                                    					_push(_t466 - 0x48);
                                                                                                                                                                    					_push(_t384);
                                                                                                                                                                    					_push( *((intOrPtr*)(_t464 + 0x144)));
                                                                                                                                                                    					_push( *((intOrPtr*)(_t464 + 0x140)));
                                                                                                                                                                    					_t373 = E0040E7F4(_t460, _t447, _t474);
                                                                                                                                                                    					if(_t373 == 0) {
                                                                                                                                                                    						 *_t384 =  *_t384 +  *((intOrPtr*)(_t464 + 0x140));
                                                                                                                                                                    						asm("adc [ebx+0x4], ecx");
                                                                                                                                                                    						 *(_t466 - 0x18) = E0040D9CB( *((intOrPtr*)(_t460 + 0x18)), _t447);
                                                                                                                                                                    						 *(_t466 - 0x14) = _t447;
                                                                                                                                                                    						_t380 = 0;
                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                    						goto L9;
                                                                                                                                                                    					}
                                                                                                                                                                    					 *((intOrPtr*)(_t466 - 0x48)) = 0x41b840;
                                                                                                                                                                    					 *(_t466 - 4) = 1;
                                                                                                                                                                    					_t380 = _t373;
                                                                                                                                                                    					L17:
                                                                                                                                                                    					E00404349();
                                                                                                                                                                    					 *(_t466 - 4) =  *(_t466 - 4) | 0xffffffff;
                                                                                                                                                                    					E00404320(_t466 - 0x48);
                                                                                                                                                                    					_t322 = _t380;
                                                                                                                                                                    					L86:
                                                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t466 - 0xc));
                                                                                                                                                                    					return _t322;
                                                                                                                                                                    				}
                                                                                                                                                                    			}































                                                                                                                                                                    0x0040ee2f
                                                                                                                                                                    0x0040ee34
                                                                                                                                                                    0x0040ee37
                                                                                                                                                                    0x0040ee42
                                                                                                                                                                    0x0040ee42
                                                                                                                                                                    0x0040ee47
                                                                                                                                                                    0x0040ee4a
                                                                                                                                                                    0x0040ee4c
                                                                                                                                                                    0x0040ee52
                                                                                                                                                                    0x0040ee5d
                                                                                                                                                                    0x0040ee5d
                                                                                                                                                                    0x0040ee52
                                                                                                                                                                    0x0040ee62
                                                                                                                                                                    0x0040ee65
                                                                                                                                                                    0x0040ee68
                                                                                                                                                                    0x0040ee6b
                                                                                                                                                                    0x0040ee72
                                                                                                                                                                    0x0040ee79
                                                                                                                                                                    0x0040ee7f
                                                                                                                                                                    0x0040ee83
                                                                                                                                                                    0x0040ee8f
                                                                                                                                                                    0x0040ee90
                                                                                                                                                                    0x0040ee93
                                                                                                                                                                    0x0040ee96
                                                                                                                                                                    0x0040ee99
                                                                                                                                                                    0x0040ee9c
                                                                                                                                                                    0x0040eea2
                                                                                                                                                                    0x0040eea5
                                                                                                                                                                    0x0040eea8
                                                                                                                                                                    0x0040eeab
                                                                                                                                                                    0x0040eeae
                                                                                                                                                                    0x0040eeb1
                                                                                                                                                                    0x0040eeb5
                                                                                                                                                                    0x0040eeb8
                                                                                                                                                                    0x0040eebb
                                                                                                                                                                    0x0040eec0
                                                                                                                                                                    0x0040eec3
                                                                                                                                                                    0x0040eec5
                                                                                                                                                                    0x0040eec8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040eed1
                                                                                                                                                                    0x0040eed6
                                                                                                                                                                    0x0040eed9
                                                                                                                                                                    0x0040eedc
                                                                                                                                                                    0x0040eedf
                                                                                                                                                                    0x0040eee5
                                                                                                                                                                    0x0040eee8
                                                                                                                                                                    0x0040f0f0
                                                                                                                                                                    0x0040f0f4
                                                                                                                                                                    0x0040f0f9
                                                                                                                                                                    0x0040f0f9
                                                                                                                                                                    0x0040f100
                                                                                                                                                                    0x0040f10f
                                                                                                                                                                    0x0040f10f
                                                                                                                                                                    0x0040f118
                                                                                                                                                                    0x0040f11b
                                                                                                                                                                    0x0040f126
                                                                                                                                                                    0x0040f126
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f126
                                                                                                                                                                    0x0040f11d
                                                                                                                                                                    0x0040f120
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f120
                                                                                                                                                                    0x0040f102
                                                                                                                                                                    0x0040f109
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f109
                                                                                                                                                                    0x0040eeee
                                                                                                                                                                    0x0040eefd
                                                                                                                                                                    0x0040ef00
                                                                                                                                                                    0x0040ef03
                                                                                                                                                                    0x0040ef06
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ef0c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f020
                                                                                                                                                                    0x0040f023
                                                                                                                                                                    0x0040f029
                                                                                                                                                                    0x0040f02e
                                                                                                                                                                    0x0040f031
                                                                                                                                                                    0x0040f033
                                                                                                                                                                    0x0040f035
                                                                                                                                                                    0x0040f048
                                                                                                                                                                    0x0040f048
                                                                                                                                                                    0x0040f04b
                                                                                                                                                                    0x0040f051
                                                                                                                                                                    0x0040f056
                                                                                                                                                                    0x0040f059
                                                                                                                                                                    0x0040f05c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f037
                                                                                                                                                                    0x0040f037
                                                                                                                                                                    0x0040f037
                                                                                                                                                                    0x0040f03a
                                                                                                                                                                    0x0040f03e
                                                                                                                                                                    0x0040f040
                                                                                                                                                                    0x0040f040
                                                                                                                                                                    0x0040f040
                                                                                                                                                                    0x0040f040
                                                                                                                                                                    0x0040f043
                                                                                                                                                                    0x0040f044
                                                                                                                                                                    0x0040f044
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f063
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f06b
                                                                                                                                                                    0x0040f06e
                                                                                                                                                                    0x0040f06f
                                                                                                                                                                    0x0040f074
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ef13
                                                                                                                                                                    0x0040ef25
                                                                                                                                                                    0x0040ef29
                                                                                                                                                                    0x0040ef2e
                                                                                                                                                                    0x0040ef32
                                                                                                                                                                    0x0040ef4c
                                                                                                                                                                    0x0040ef52
                                                                                                                                                                    0x0040ef56
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ef34
                                                                                                                                                                    0x0040ef34
                                                                                                                                                                    0x0040ef41
                                                                                                                                                                    0x0040ef46
                                                                                                                                                                    0x0040ef47
                                                                                                                                                                    0x0040ef47
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f086
                                                                                                                                                                    0x0040f089
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f08e
                                                                                                                                                                    0x0040f091
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f099
                                                                                                                                                                    0x0040f09c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ef60
                                                                                                                                                                    0x0040ef66
                                                                                                                                                                    0x0040ef6c
                                                                                                                                                                    0x0040ef72
                                                                                                                                                                    0x0040edf9
                                                                                                                                                                    0x0040edd1
                                                                                                                                                                    0x0040edd4
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040edd4
                                                                                                                                                                    0x0040ed7b
                                                                                                                                                                    0x0040ed7f
                                                                                                                                                                    0x0040ed8a
                                                                                                                                                                    0x0040ed8e
                                                                                                                                                                    0x0040ed93
                                                                                                                                                                    0x0040ed93
                                                                                                                                                                    0x0040ed93
                                                                                                                                                                    0x0040ed9d
                                                                                                                                                                    0x0040eda2
                                                                                                                                                                    0x0040eda9
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ed14
                                                                                                                                                                    0x0040ed14
                                                                                                                                                                    0x0040ed19
                                                                                                                                                                    0x0040ed36
                                                                                                                                                                    0x0040ed45
                                                                                                                                                                    0x0040ed53
                                                                                                                                                                    0x0040ed58
                                                                                                                                                                    0x0040ed5e
                                                                                                                                                                    0x0040ed5e
                                                                                                                                                                    0x0040ed63
                                                                                                                                                                    0x0040ed63
                                                                                                                                                                    0x0040ed63
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ed63
                                                                                                                                                                    0x0040ecae
                                                                                                                                                                    0x0040ecb1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ecb9
                                                                                                                                                                    0x0040ece6
                                                                                                                                                                    0x0040ecf7
                                                                                                                                                                    0x0040ecf9
                                                                                                                                                                    0x0040ed04
                                                                                                                                                                    0x0040ed07
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ec02
                                                                                                                                                                    0x0040ec02
                                                                                                                                                                    0x0040ec05
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ec0a
                                                                                                                                                                    0x0040ec10
                                                                                                                                                                    0x0040ec11
                                                                                                                                                                    0x0040ec12
                                                                                                                                                                    0x0040ec1a
                                                                                                                                                                    0x0040ec20
                                                                                                                                                                    0x0040ec27
                                                                                                                                                                    0x0040ec4a
                                                                                                                                                                    0x0040ec4c
                                                                                                                                                                    0x0040ec57
                                                                                                                                                                    0x0040ec5a
                                                                                                                                                                    0x0040ec5d
                                                                                                                                                                    0x0040ec5d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ec5d
                                                                                                                                                                    0x0040ec29
                                                                                                                                                                    0x0040ec30
                                                                                                                                                                    0x0040ec37
                                                                                                                                                                    0x0040edb0
                                                                                                                                                                    0x0040edb3
                                                                                                                                                                    0x0040edb8
                                                                                                                                                                    0x0040edbf
                                                                                                                                                                    0x0040edc4
                                                                                                                                                                    0x0040f26e
                                                                                                                                                                    0x0040f274
                                                                                                                                                                    0x0040f27c
                                                                                                                                                                    0x0040f27c

APIs
• __EH_prolog.LIBCMT ref: 0040EB9E
  • Part of subcall function 0040E770: __EH_prolog.LIBCMT ref: 0040E775
Memory Dump Source
• Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
• Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
Similarity
• API ID: H_prolog
• String ID:
• API String ID: 3519838083-0
• Opcode ID: 4ee52160cf10c497289931bc5f7b4d1e285fcdeb904782406dbd320dcbc05257
• Instruction ID: 765616d13d330a71392781af4293cea344630bd2be9376268a28767dce44cac6
• Opcode Fuzzy Hash: 4ee52160cf10c497289931bc5f7b4d1e285fcdeb904782406dbd320dcbc05257
• Instruction Fuzzy Hash: F6325C70900249DFCB24DFA5C880BEEBBB5BF55308F14847ED549B7282DB386A89CB55
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                                    			E0040888F(intOrPtr __ecx) {
                                                                                                                                                                    				intOrPtr _t181;
                                                                                                                                                                    				signed int _t184;
                                                                                                                                                                    				signed int* _t187;
                                                                                                                                                                    				intOrPtr _t188;
                                                                                                                                                                    				signed int* _t191;
                                                                                                                                                                    				signed int* _t193;
                                                                                                                                                                    				void* _t194;
                                                                                                                                                                    				signed int* _t195;
                                                                                                                                                                    				void* _t197;
                                                                                                                                                                    				signed int* _t198;
                                                                                                                                                                    				void* _t200;
                                                                                                                                                                    				signed int* _t201;
                                                                                                                                                                    				intOrPtr _t205;
                                                                                                                                                                    				signed int* _t207;
                                                                                                                                                                    				signed int* _t208;
                                                                                                                                                                    				signed int* _t209;
                                                                                                                                                                    				intOrPtr* _t213;
                                                                                                                                                                    				intOrPtr* _t215;
                                                                                                                                                                    				intOrPtr _t216;
                                                                                                                                                                    				intOrPtr* _t217;
                                                                                                                                                                    				intOrPtr* _t220;
                                                                                                                                                                    				signed int* _t222;
                                                                                                                                                                    				signed int* _t223;
                                                                                                                                                                    				signed int* _t224;
                                                                                                                                                                    				intOrPtr* _t232;
                                                                                                                                                                    				signed int* _t234;
                                                                                                                                                                    				signed int* _t235;
                                                                                                                                                                    				signed int* _t236;
                                                                                                                                                                    				intOrPtr* _t243;
                                                                                                                                                                    				signed int* _t245;
                                                                                                                                                                    				signed int* _t246;
                                                                                                                                                                    				signed int* _t247;
                                                                                                                                                                    				intOrPtr _t255;
                                                                                                                                                                    				signed int _t266;
                                                                                                                                                                    				signed int _t307;
                                                                                                                                                                    				signed int _t313;
                                                                                                                                                                    				intOrPtr _t317;
                                                                                                                                                                    				signed int** _t319;
                                                                                                                                                                    				intOrPtr _t320;
                                                                                                                                                                    				void* _t322;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041990F, _t322);
                                                                                                                                                                    				_push(_t313);
                                                                                                                                                                    				 *((intOrPtr*)(_t322 - 0x20)) = __ecx;
                                                                                                                                                                    				E0040887B(__ecx);
                                                                                                                                                                    				if( *((intOrPtr*)( *((intOrPtr*)(_t322 + 0xc)) + 8)) < 0x20) {
                                                                                                                                                                    					while(1) {
                                                                                                                                                                    						_t317 =  *((intOrPtr*)(_t322 + 0xc));
                                                                                                                                                                    						_t307 = 1;
                                                                                                                                                                    						_t313 = _t313 | 0xffffffff;
                                                                                                                                                                    						_t181 =  *((intOrPtr*)(_t317 + 8));
                                                                                                                                                                    						 *(_t322 - 0x24) = _t313;
                                                                                                                                                                    						if(_t181 < _t307) {
                                                                                                                                                                    							goto L6;
                                                                                                                                                                    						}
                                                                                                                                                                    						L4:
                                                                                                                                                                    						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
                                                                                                                                                                    						if(_t266 >= _t181) {
                                                                                                                                                                    							L76:
                                                                                                                                                                    							 *((char*)( *((intOrPtr*)(_t322 - 0x20)) + 0x30)) = _t266 & 0xffffff00 |  *( *((intOrPtr*)(_t322 - 0x20)) + 8) != 0x00000000;
                                                                                                                                                                    							_t184 = 0;
                                                                                                                                                                    							goto L77;
                                                                                                                                                                    						}
                                                                                                                                                                    						 *(_t322 - 0x24) =  *( *((intOrPtr*)(_t317 + 0xc)) + (_t181 - _t266) * 4 - 4);
                                                                                                                                                                    						L7:
                                                                                                                                                                    						if(_t266 != 0) {
                                                                                                                                                                    							 *(_t322 - 0x38) = 0;
                                                                                                                                                                    							 *((short*)(_t322 - 0x36)) = 0;
                                                                                                                                                                    							_t319 =  *( *((intOrPtr*)( *((intOrPtr*)(_t322 - 0x20)) + 0xc)) + _t266 * 4 - 4);
                                                                                                                                                                    							_t187 =  *_t319;
                                                                                                                                                                    							 *(_t322 - 4) = _t307;
                                                                                                                                                                    							_t188 =  *((intOrPtr*)( *_t187 + 0x20))(_t187, _t307, _t322 - 0x38);
                                                                                                                                                                    							if(_t188 != 0) {
                                                                                                                                                                    								L35:
                                                                                                                                                                    								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    								_t320 = _t188;
                                                                                                                                                                    								E00405CD6(_t322 - 0x38);
                                                                                                                                                                    								L71:
                                                                                                                                                                    								_t184 = _t320;
                                                                                                                                                                    								goto L77;
                                                                                                                                                                    							}
                                                                                                                                                                    							if( *(_t322 - 0x38) != 0x13) {
                                                                                                                                                                    								L75:
                                                                                                                                                                    								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    								_t266 = _t322 - 0x38;
                                                                                                                                                                    								E00405CD6(_t266);
                                                                                                                                                                    								goto L76;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t191 =  *_t319;
                                                                                                                                                                    							_t313 =  *(_t322 - 0x30);
                                                                                                                                                                    							_t188 =  *((intOrPtr*)( *_t191 + 0x14))(_t191, _t322 - 0x3c);
                                                                                                                                                                    							if(_t188 != 0) {
                                                                                                                                                                    								goto L35;
                                                                                                                                                                    							}
                                                                                                                                                                    							if(_t313 >=  *((intOrPtr*)(_t322 - 0x3c))) {
                                                                                                                                                                    								goto L75;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    							E00405CD6(_t322 - 0x38);
                                                                                                                                                                    							 *(_t322 - 0x10) = 0;
                                                                                                                                                                    							_t193 =  *_t319;
                                                                                                                                                                    							_t266 =  *_t193;
                                                                                                                                                                    							 *(_t322 - 4) = 2;
                                                                                                                                                                    							_t194 =  *_t266(_t193, 0x41b230, _t322 - 0x10);
                                                                                                                                                                    							_t195 =  *(_t322 - 0x10);
                                                                                                                                                                    							if(_t194 != 0 || _t195 == 0) {
                                                                                                                                                                    								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    								goto L52;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								 *(_t322 - 0x14) = 0;
                                                                                                                                                                    								_t266 =  *_t195;
                                                                                                                                                                    								 *(_t322 - 4) = 3;
                                                                                                                                                                    								_t197 =  *((intOrPtr*)(_t266 + 0xc))(_t195, _t313, _t322 - 0x14);
                                                                                                                                                                    								_t198 =  *(_t322 - 0x14);
                                                                                                                                                                    								if(_t197 != 0 || _t198 == 0) {
                                                                                                                                                                    									 *(_t322 - 4) = 2;
                                                                                                                                                                    									goto L49;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									 *(_t322 - 0x18) = 0;
                                                                                                                                                                    									_t266 =  *_t198;
                                                                                                                                                                    									 *(_t322 - 4) = 4;
                                                                                                                                                                    									_t200 =  *_t266(_t198, 0x41b300, _t322 - 0x18);
                                                                                                                                                                    									_t201 =  *(_t322 - 0x18);
                                                                                                                                                                    									if(_t200 != 0 || _t201 == 0) {
                                                                                                                                                                    										 *(_t322 - 4) = 3;
                                                                                                                                                                    										goto L46;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										E00408CF4(_t322 - 0x78);
                                                                                                                                                                    										_push(_t322 - 0x74);
                                                                                                                                                                    										_push(_t313);
                                                                                                                                                                    										 *(_t322 - 4) = 5;
                                                                                                                                                                    										_t205 = E004081F4(_t319);
                                                                                                                                                                    										 *((intOrPtr*)(_t322 - 0x28)) = _t205;
                                                                                                                                                                    										if(_t205 != 0) {
                                                                                                                                                                    											 *(_t322 - 4) = 4;
                                                                                                                                                                    											E004038AB(_t322 - 0x78);
                                                                                                                                                                    											_t207 =  *(_t322 - 0x18);
                                                                                                                                                                    											 *(_t322 - 4) = 3;
                                                                                                                                                                    											if(_t207 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t207 + 8))(_t207);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t208 =  *(_t322 - 0x14);
                                                                                                                                                                    											 *(_t322 - 4) = 2;
                                                                                                                                                                    											if(_t208 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t208 + 8))(_t208);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t209 =  *(_t322 - 0x10);
                                                                                                                                                                    											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    											if(_t209 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t209 + 8))(_t209);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t184 =  *((intOrPtr*)(_t322 - 0x28));
                                                                                                                                                                    											goto L77;
                                                                                                                                                                    										}
                                                                                                                                                                    										 *((intOrPtr*)(_t322 - 0x1c)) = 0;
                                                                                                                                                                    										_t213 =  *((intOrPtr*)(_t322 + 0x1c));
                                                                                                                                                                    										 *(_t322 - 4) = 6;
                                                                                                                                                                    										 *((intOrPtr*)( *_t213))(_t213, 0x41b220, _t322 - 0x1c);
                                                                                                                                                                    										_t215 =  *((intOrPtr*)(_t322 - 0x1c));
                                                                                                                                                                    										if(_t215 != 0) {
                                                                                                                                                                    											 *((intOrPtr*)( *_t215 + 0xc))(_t215,  *((intOrPtr*)(_t322 - 0x74)));
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t322 - 0x58) = _t313;
                                                                                                                                                                    										_t216 = E004083AB(_t322 - 0x78,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *(_t322 - 0x18), 0,  *((intOrPtr*)(_t322 + 0x1c)));
                                                                                                                                                                    										 *((intOrPtr*)(_t322 - 0x28)) = _t216;
                                                                                                                                                                    										if(_t216 == 1) {
                                                                                                                                                                    											_t217 =  *((intOrPtr*)(_t322 - 0x1c));
                                                                                                                                                                    											 *(_t322 - 4) = 5;
                                                                                                                                                                    											if(_t217 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t217 + 8))(_t217);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t266 = _t322 - 0x78;
                                                                                                                                                                    											 *(_t322 - 4) = 4;
                                                                                                                                                                    											E004038AB(_t266);
                                                                                                                                                                    											_t201 =  *(_t322 - 0x18);
                                                                                                                                                                    											 *(_t322 - 4) = 3;
                                                                                                                                                                    											L46:
                                                                                                                                                                    											if(_t201 != 0) {
                                                                                                                                                                    												_t266 =  *_t201;
                                                                                                                                                                    												 *((intOrPtr*)(_t266 + 8))(_t201);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t198 =  *(_t322 - 0x14);
                                                                                                                                                                    											 *(_t322 - 4) = 2;
                                                                                                                                                                    											L49:
                                                                                                                                                                    											if(_t198 != 0) {
                                                                                                                                                                    												_t266 =  *_t198;
                                                                                                                                                                    												 *((intOrPtr*)(_t266 + 8))(_t198);
                                                                                                                                                                    											}
                                                                                                                                                                    											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    											_t195 =  *(_t322 - 0x10);
                                                                                                                                                                    											L52:
                                                                                                                                                                    											if(_t195 != 0) {
                                                                                                                                                                    												_t266 =  *_t195;
                                                                                                                                                                    												 *((intOrPtr*)(_t266 + 8))(_t195);
                                                                                                                                                                    											}
                                                                                                                                                                    											goto L76;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											if(_t216 != 0) {
                                                                                                                                                                    												_t220 =  *((intOrPtr*)(_t322 - 0x1c));
                                                                                                                                                                    												 *(_t322 - 4) = 5;
                                                                                                                                                                    												if(_t220 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t220 + 8))(_t220);
                                                                                                                                                                    												}
                                                                                                                                                                    												 *(_t322 - 4) = 4;
                                                                                                                                                                    												E004038AB(_t322 - 0x78);
                                                                                                                                                                    												_t222 =  *(_t322 - 0x18);
                                                                                                                                                                    												 *(_t322 - 4) = 3;
                                                                                                                                                                    												if(_t222 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t222 + 8))(_t222);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t223 =  *(_t322 - 0x14);
                                                                                                                                                                    												 *(_t322 - 4) = 2;
                                                                                                                                                                    												if(_t223 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t223 + 8))(_t223);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t224 =  *(_t322 - 0x10);
                                                                                                                                                                    												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    												if(_t224 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t224 + 8))(_t224);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t184 =  *((intOrPtr*)(_t322 - 0x28));
                                                                                                                                                                    												goto L77;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t320 = E00408313(_t319, _t313, _t322 - 0x54, _t322 - 0x4c);
                                                                                                                                                                    											if(_t320 != 0) {
                                                                                                                                                                    												_t232 =  *((intOrPtr*)(_t322 - 0x1c));
                                                                                                                                                                    												 *(_t322 - 4) = 5;
                                                                                                                                                                    												if(_t232 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t232 + 8))(_t232);
                                                                                                                                                                    												}
                                                                                                                                                                    												 *(_t322 - 4) = 4;
                                                                                                                                                                    												E004038AB(_t322 - 0x78);
                                                                                                                                                                    												_t234 =  *(_t322 - 0x18);
                                                                                                                                                                    												 *(_t322 - 4) = 3;
                                                                                                                                                                    												if(_t234 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t234 + 8))(_t234);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t235 =  *(_t322 - 0x14);
                                                                                                                                                                    												 *(_t322 - 4) = 2;
                                                                                                                                                                    												if(_t235 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t235 + 8))(_t235);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t236 =  *(_t322 - 0x10);
                                                                                                                                                                    												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    												if(_t236 != 0) {
                                                                                                                                                                    													 *((intOrPtr*)( *_t236 + 8))(_t236);
                                                                                                                                                                    												}
                                                                                                                                                                    												goto L71;
                                                                                                                                                                    											}
                                                                                                                                                                    											_push(_t322 - 0x78);
                                                                                                                                                                    											E00409177( *((intOrPtr*)(_t322 - 0x20)));
                                                                                                                                                                    											_t243 =  *((intOrPtr*)(_t322 - 0x1c));
                                                                                                                                                                    											 *(_t322 - 4) = 5;
                                                                                                                                                                    											if(_t243 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t243 + 8))(_t243);
                                                                                                                                                                    											}
                                                                                                                                                                    											 *(_t322 - 4) = 4;
                                                                                                                                                                    											E004038AB(_t322 - 0x78);
                                                                                                                                                                    											_t245 =  *(_t322 - 0x18);
                                                                                                                                                                    											 *(_t322 - 4) = 3;
                                                                                                                                                                    											if(_t245 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t245 + 8))(_t245);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t246 =  *(_t322 - 0x14);
                                                                                                                                                                    											 *(_t322 - 4) = 2;
                                                                                                                                                                    											if(_t246 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t246 + 8))(_t246);
                                                                                                                                                                    											}
                                                                                                                                                                    											_t247 =  *(_t322 - 0x10);
                                                                                                                                                                    											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
                                                                                                                                                                    											if(_t247 != 0) {
                                                                                                                                                                    												 *((intOrPtr*)( *_t247 + 8))(_t247);
                                                                                                                                                                    											}
                                                                                                                                                                    											while(1) {
                                                                                                                                                                    												_t317 =  *((intOrPtr*)(_t322 + 0xc));
                                                                                                                                                                    												_t307 = 1;
                                                                                                                                                                    												_t313 = _t313 | 0xffffffff;
                                                                                                                                                                    												_t181 =  *((intOrPtr*)(_t317 + 8));
                                                                                                                                                                    												 *(_t322 - 0x24) = _t313;
                                                                                                                                                                    												if(_t181 < _t307) {
                                                                                                                                                                    													goto L6;
                                                                                                                                                                    												}
                                                                                                                                                                    												goto L4;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						E00408CF4(_t322 - 0xb4);
                                                                                                                                                                    						 *(_t322 - 4) = 0;
                                                                                                                                                                    						E00401DAF(_t322 - 0xb0,  *((intOrPtr*)(_t322 + 0x18)));
                                                                                                                                                                    						 *(_t322 - 0x94) = _t313;
                                                                                                                                                                    						_t255 = E00408755(_t322 - 0xb4,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *((intOrPtr*)(_t322 + 0x10)),  *((intOrPtr*)(_t322 + 0x14)),  *((intOrPtr*)(_t322 + 0x1c))); // executed
                                                                                                                                                                    						_t320 = _t255;
                                                                                                                                                                    						if(_t320 != 0) {
                                                                                                                                                                    							 *(_t322 - 4) = _t313;
                                                                                                                                                                    							E004038AB(_t322 - 0xb4);
                                                                                                                                                                    							goto L71;
                                                                                                                                                                    						}
                                                                                                                                                                    						_push(_t322 - 0xb4);
                                                                                                                                                                    						E00409177( *((intOrPtr*)(_t322 - 0x20)));
                                                                                                                                                                    						 *(_t322 - 4) = _t313;
                                                                                                                                                                    						E004038AB(_t322 - 0xb4);
                                                                                                                                                                    						continue;
                                                                                                                                                                    						L6:
                                                                                                                                                                    						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
                                                                                                                                                                    						if(_t266 >= 0x20) {
                                                                                                                                                                    							goto L76;
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L7;
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t184 = 0x80004001;
                                                                                                                                                                    					L77:
                                                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t322 - 0xc));
                                                                                                                                                                    					return _t184;
                                                                                                                                                                    				}
                                                                                                                                                                    			}











































                                                                                                                                                                    0x00408a49
                                                                                                                                                                    0x00408a53
                                                                                                                                                                    0x00408a54
                                                                                                                                                                    0x00408a55
                                                                                                                                                                    0x00408a59
                                                                                                                                                                    0x00408a60
                                                                                                                                                                    0x00408a63
                                                                                                                                                                    0x00408b65
                                                                                                                                                                    0x00408b69
                                                                                                                                                                    0x00408b6e
                                                                                                                                                                    0x00408b71
                                                                                                                                                                    0x00408b77
                                                                                                                                                                    0x00408b7c
                                                                                                                                                                    0x00408b7c
                                                                                                                                                                    0x00408b7f
                                                                                                                                                                    0x00408b82
                                                                                                                                                                    0x00408b88
                                                                                                                                                                    0x00408b8d
                                                                                                                                                                    0x00408b8d
                                                                                                                                                                    0x00408b90
                                                                                                                                                                    0x00408b93
                                                                                                                                                                    0x00408b99
                                                                                                                                                                    0x00408b9e
                                                                                                                                                                    0x00408b9e
                                                                                                                                                                    0x00408ba1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408ba1
                                                                                                                                                                    0x00408a69
                                                                                                                                                                    0x00408a6c
                                                                                                                                                                    0x00408a7b
                                                                                                                                                                    0x00408a7f
                                                                                                                                                                    0x00408a81
                                                                                                                                                                    0x00408a86
                                                                                                                                                                    0x00408a8e
                                                                                                                                                                    0x00408a8e
                                                                                                                                                                    0x00408a97
                                                                                                                                                                    0x00408aa4
                                                                                                                                                                    0x00408aac
                                                                                                                                                                    0x00408aaf
                                                                                                                                                                    0x00408ba9
                                                                                                                                                                    0x00408bac
                                                                                                                                                                    0x00408bb2
                                                                                                                                                                    0x00408bb7
                                                                                                                                                                    0x00408bb7
                                                                                                                                                                    0x00408bba
                                                                                                                                                                    0x00408bbd
                                                                                                                                                                    0x00408bc1
                                                                                                                                                                    0x00408bc6
                                                                                                                                                                    0x00408bc9
                                                                                                                                                                    0x00408bcd
                                                                                                                                                                    0x00408bcf
                                                                                                                                                                    0x00408bd1
                                                                                                                                                                    0x00408bd4
                                                                                                                                                                    0x00408bd4
                                                                                                                                                                    0x00408bd7
                                                                                                                                                                    0x00408bda
                                                                                                                                                                    0x00408bde
                                                                                                                                                                    0x00408be0
                                                                                                                                                                    0x00408be2
                                                                                                                                                                    0x00408be5
                                                                                                                                                                    0x00408be5
                                                                                                                                                                    0x00408be8
                                                                                                                                                                    0x00408bec
                                                                                                                                                                    0x00408bef
                                                                                                                                                                    0x00408bf1
                                                                                                                                                                    0x00408bf7
                                                                                                                                                                    0x00408bfa
                                                                                                                                                                    0x00408bfa
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408ab5
                                                                                                                                                                    0x00408ab7
                                                                                                                                                                    0x00408c02
                                                                                                                                                                    0x00408c05
                                                                                                                                                                    0x00408c0b
                                                                                                                                                                    0x00408c10
                                                                                                                                                                    0x00408c10
                                                                                                                                                                    0x00408c16
                                                                                                                                                                    0x00408c1a
                                                                                                                                                                    0x00408c1f
                                                                                                                                                                    0x00408c22
                                                                                                                                                                    0x00408c28
                                                                                                                                                                    0x00408c2d
                                                                                                                                                                    0x00408c2d
                                                                                                                                                                    0x00408c30
                                                                                                                                                                    0x00408c33
                                                                                                                                                                    0x00408c39
                                                                                                                                                                    0x00408c3e
                                                                                                                                                                    0x00408c3e
                                                                                                                                                                    0x00408c41
                                                                                                                                                                    0x00408c44
                                                                                                                                                                    0x00408c4a
                                                                                                                                                                    0x00408c4f
                                                                                                                                                                    0x00408c4f
                                                                                                                                                                    0x00408c52
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408c52
                                                                                                                                                                    0x00408acd
                                                                                                                                                                    0x00408ad1
                                                                                                                                                                    0x00408c5a
                                                                                                                                                                    0x00408c5d
                                                                                                                                                                    0x00408c63
                                                                                                                                                                    0x00408c68
                                                                                                                                                                    0x00408c68
                                                                                                                                                                    0x00408c6e
                                                                                                                                                                    0x00408c72
                                                                                                                                                                    0x00408c77
                                                                                                                                                                    0x00408c7a
                                                                                                                                                                    0x00408c80
                                                                                                                                                                    0x00408c85
                                                                                                                                                                    0x00408c85
                                                                                                                                                                    0x00408c88
                                                                                                                                                                    0x00408c8b
                                                                                                                                                                    0x00408c91
                                                                                                                                                                    0x00408c96
                                                                                                                                                                    0x00408c96
                                                                                                                                                                    0x00408c99
                                                                                                                                                                    0x00408c9c
                                                                                                                                                                    0x00408ca2
                                                                                                                                                                    0x00408ca7
                                                                                                                                                                    0x00408ca7
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00408ca2
                                                                                                                                                                    0x00408add
                                                                                                                                                                    0x00408ade
                                                                                                                                                                    0x00408ae3
                                                                                                                                                                    0x00408ae6
                                                                                                                                                                    0x00408aec
                                                                                                                                                                    0x00408af1
                                                                                                                                                                    0x00408af1
                                                                                                                                                                    0x00408af7
                                                                                                                                                                    0x00408afb
                                                                                                                                                                    0x00408b00
                                                                                                                                                                    0x00408b03
                                                                                                                                                                    0x00408b09
                                                                                                                                                                    0x00408b0e
                                                                                                                                                                    0x00408b0e
                                                                                                                                                                    0x00408b11
                                                                                                                                                                    0x00408b14
                                                                                                                                                                    0x00408b1a
                                                                                                                                                                    0x00408b1f
                                                                                                                                                                    0x00408b1f
                                                                                                                                                                    0x00408b22
                                                                                                                                                                    0x00408b25
                                                                                                                                                                    0x00408b2b
                                                                                                                                                                    0x00408b34
                                                                                                                                                                    0x00408b34
                                                                                                                                                                    0x004088c1
                                                                                                                                                                    0x004088c1
                                                                                                                                                                    0x004088c6
                                                                                                                                                                    0x004088c7
                                                                                                                                                                    0x004088ca
                                                                                                                                                                    0x004088cd
                                                                                                                                                                    0x004088d2
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004088d2
                                                                                                                                                                    0x004088c1
                                                                                                                                                                    0x00408aaf

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
                                                                                                                                                                    • Instruction ID: dff2ad87a4df39db6f8fa6ff6a697358cee08fb6a23258ae47e5232e80a59da3
                                                                                                                                                                    • Opcode Fuzzy Hash: f8f61f009d3daf8c2db6a732b574bcd6eafb3dea196858b7c2c201f5376d76a6
                                                                                                                                                                    • Instruction Fuzzy Hash: FFE16E70904249DFDF10DFA4C988AAEBBB4AF48314F2444AEE556F7391CB389E45CB25
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                                    			E0040E7F4(intOrPtr* __ecx, signed int __edx, void* __eflags) {
                                                                                                                                                                    				intOrPtr _t191;
                                                                                                                                                                    				intOrPtr* _t197;
                                                                                                                                                                    				intOrPtr _t202;
                                                                                                                                                                    				void* _t220;
                                                                                                                                                                    				void* _t227;
                                                                                                                                                                    				intOrPtr _t267;
                                                                                                                                                                    				signed int _t271;
                                                                                                                                                                    				intOrPtr* _t273;
                                                                                                                                                                    				intOrPtr* _t277;
                                                                                                                                                                    				intOrPtr* _t279;
                                                                                                                                                                    				intOrPtr* _t283;
                                                                                                                                                                    				void* _t284;
                                                                                                                                                                    				void* _t289;
                                                                                                                                                                    
                                                                                                                                                                    				_t289 = __eflags;
                                                                                                                                                                    				_t271 = __edx;
                                                                                                                                                                    				E00413724(E0041A515, _t284);
                                                                                                                                                                    				_t273 = __ecx;
                                                                                                                                                                    				E00403291(_t284 - 0x5c, 8);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x5c)) = 0x41b69c;
                                                                                                                                                                    				 *(_t284 - 4) =  *(_t284 - 4) & 0x00000000;
                                                                                                                                                                    				E00403291(_t284 - 0xd8, 1);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0xd8)) = 0x41b754;
                                                                                                                                                                    				E00403291(_t284 - 0xc4, 4);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0xc4)) = 0x41b68c;
                                                                                                                                                                    				 *(_t284 - 4) = 2;
                                                                                                                                                                    				E00402172(_t284 - 0x30);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x30)) = 0x41b804;
                                                                                                                                                                    				E00403291(_t284 - 0x84, 4);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x84)) = 0x41b68c;
                                                                                                                                                                    				E00403291(_t284 - 0x9c, 8);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x9c)) = 0x41b69c;
                                                                                                                                                                    				E00403291(_t284 - 0xb0, 1);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0xb0)) = 0x41b754;
                                                                                                                                                                    				E00403291(_t284 - 0x70, 4);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x70)) = 0x41b68c;
                                                                                                                                                                    				_t277 =  *((intOrPtr*)(_t284 + 0x10));
                                                                                                                                                                    				 *(_t284 - 4) = 7;
                                                                                                                                                                    				E0040E654(__ecx, __edx, 0, _t277, _t284 - 0x5c, _t284 - 0xd8, _t284 - 0xc4, _t284 - 0x30, _t284 - 0x84, _t284 - 0x9c, _t284 - 0xb0, _t284 - 0x70);
                                                                                                                                                                    				 *(_t284 - 0x14) =  *(_t284 - 0x14) & 0x00000000;
                                                                                                                                                                    				E0040AA56(_t284 - 0x164, _t289, 1);
                                                                                                                                                                    				_t227 =  *_t277 +  *((intOrPtr*)(_t284 + 8));
                                                                                                                                                                    				asm("adc esi, [ebp+0xc]");
                                                                                                                                                                    				 *(_t284 + 0xc) =  *(_t284 + 0xc) & 0x00000000;
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x34)) =  *((intOrPtr*)(_t277 + 4));
                                                                                                                                                                    				if( *((intOrPtr*)(_t284 - 0x28)) <= 0) {
                                                                                                                                                                    					L17:
                                                                                                                                                                    					 *(_t284 - 4) = 7;
                                                                                                                                                                    					E0040C146(_t284 - 0x164, _t301); // executed
                                                                                                                                                                    					 *(_t284 - 4) = 6;
                                                                                                                                                                    					E00404320(_t284 - 0x70);
                                                                                                                                                                    					 *(_t284 - 4) = 5;
                                                                                                                                                                    					E00404320(_t284 - 0xb0);
                                                                                                                                                                    					 *(_t284 - 4) = 4;
                                                                                                                                                                    					E00404320(_t284 - 0x9c);
                                                                                                                                                                    					 *(_t284 - 4) = 3;
                                                                                                                                                                    					E00404320(_t284 - 0x84);
                                                                                                                                                                    					 *((intOrPtr*)(_t284 - 0x30)) = 0x41b804;
                                                                                                                                                                    					 *(_t284 - 4) = 0xc;
                                                                                                                                                                    					_t279 = 0;
                                                                                                                                                                    					L18:
                                                                                                                                                                    					E00404349();
                                                                                                                                                                    					 *(_t284 - 4) = 2;
                                                                                                                                                                    					E00404320(_t284 - 0x30);
                                                                                                                                                                    					 *(_t284 - 4) = 1;
                                                                                                                                                                    					E00404320(_t284 - 0xc4);
                                                                                                                                                                    					 *(_t284 - 4) =  *(_t284 - 4) & 0x00000000;
                                                                                                                                                                    					E00404320(_t284 - 0xd8);
                                                                                                                                                                    					 *(_t284 - 4) =  *(_t284 - 4) | 0xffffffff;
                                                                                                                                                                    					E00404320(_t284 - 0x5c);
                                                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t284 - 0xc));
                                                                                                                                                                    					return _t279;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					goto L1;
                                                                                                                                                                    				}
                                                                                                                                                                    				while(1) {
                                                                                                                                                                    					L1:
                                                                                                                                                                    					 *(_t284 - 0x40) =  *(_t284 - 0x40) & 0x00000000;
                                                                                                                                                                    					 *(_t284 - 0x3c) =  *(_t284 - 0x3c) & 0x00000000;
                                                                                                                                                                    					 *((intOrPtr*)(_t284 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t284 - 0x24)) +  *(_t284 + 0xc) * 4));
                                                                                                                                                                    					 *((intOrPtr*)(_t284 - 0x44)) = 0x41b824;
                                                                                                                                                                    					_push(_t284 - 0x44);
                                                                                                                                                                    					 *(_t284 - 4) = 9;
                                                                                                                                                                    					E0040F836( *((intOrPtr*)(_t284 + 0x14)));
                                                                                                                                                                    					 *(_t284 - 4) = 8;
                                                                                                                                                                    					 *((intOrPtr*)(_t284 - 0x44)) = 0x41b824;
                                                                                                                                                                    					E00403A63( *(_t284 - 0x3c));
                                                                                                                                                                    					_t191 =  *((intOrPtr*)(_t284 + 0x14));
                                                                                                                                                                    					_t282 =  *( *((intOrPtr*)(_t191 + 0xc)) +  *(_t191 + 8) * 4 - 4);
                                                                                                                                                                    					 *(_t284 - 0x10) =  *( *((intOrPtr*)(_t191 + 0xc)) +  *(_t191 + 8) * 4 - 4);
                                                                                                                                                                    					 *(_t284 - 0x1c) = E0040C047( *((intOrPtr*)(_t284 + 0x10)));
                                                                                                                                                                    					_t256 =  *(_t284 - 0x1c);
                                                                                                                                                                    					if( *(_t284 - 0x1c) !=  *(_t284 - 0x1c) || 0 != _t271) {
                                                                                                                                                                    						E0040D91E(_t256);
                                                                                                                                                                    					}
                                                                                                                                                                    					E004075EF(_t282,  *(_t284 - 0x1c));
                                                                                                                                                                    					_push(0x14);
                                                                                                                                                                    					_t197 = E00403A3D();
                                                                                                                                                                    					_t283 = 0;
                                                                                                                                                                    					if(_t197 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)(_t197 + 4)) = 0;
                                                                                                                                                                    						 *_t197 = 0x41b830;
                                                                                                                                                                    						_t283 = _t197;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t294 = _t283;
                                                                                                                                                                    					 *((intOrPtr*)(_t284 - 0x88)) = _t283;
                                                                                                                                                                    					if(_t283 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t283 + 4))(_t283);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t271 =  *(_t284 - 0x14);
                                                                                                                                                                    					 *(_t283 + 0x10) =  *(_t283 + 0x10) & 0x00000000;
                                                                                                                                                                    					 *((intOrPtr*)(_t283 + 8)) =  *((intOrPtr*)( *(_t284 - 0x10) + 8));
                                                                                                                                                                    					 *(_t284 - 4) = 0xa;
                                                                                                                                                                    					 *(_t283 + 0xc) =  *(_t284 - 0x1c);
                                                                                                                                                                    					_t202 = E0040AB05(_t284 - 0x164, _t294,  *_t273, _t227,  *((intOrPtr*)(_t284 - 0x34)),  *(_t284 - 0x50) + _t271 * 8,  *((intOrPtr*)(_t284 + 0x10)), _t283, 0); // executed
                                                                                                                                                                    					 *((intOrPtr*)(_t284 - 0x48)) = _t202;
                                                                                                                                                                    					if(_t202 != 0) {
                                                                                                                                                                    						break;
                                                                                                                                                                    					}
                                                                                                                                                                    					if( *((char*)( *((intOrPtr*)(_t284 + 0x10)) + 0x54)) != 0) {
                                                                                                                                                                    						_t271 =  *(_t284 - 0x1c);
                                                                                                                                                                    						_t220 = E00413180( *((intOrPtr*)( *(_t284 - 0x10) + 8)), _t271);
                                                                                                                                                                    						_t270 =  *((intOrPtr*)(_t284 + 0x10));
                                                                                                                                                                    						if(_t220 !=  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x10)) + 0x50))) {
                                                                                                                                                                    							E0040D91E(_t270);
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					 *(_t284 - 0x10) =  *(_t284 - 0x10) & 0x00000000;
                                                                                                                                                                    					if( *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x10)) + 0x30)) <= 0) {
                                                                                                                                                                    						L14:
                                                                                                                                                                    						 *(_t284 - 4) = 8;
                                                                                                                                                                    						if(_t283 != 0) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t283 + 8))(_t283);
                                                                                                                                                                    						}
                                                                                                                                                                    						 *(_t284 + 0xc) =  *(_t284 + 0xc) + 1;
                                                                                                                                                                    						_t301 =  *(_t284 + 0xc) -  *((intOrPtr*)(_t284 - 0x28));
                                                                                                                                                                    						if( *(_t284 + 0xc) <  *((intOrPtr*)(_t284 - 0x28))) {
                                                                                                                                                                    							continue;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L17;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						do {
                                                                                                                                                                    							_t271 =  *(_t284 - 0x50);
                                                                                                                                                                    							 *(_t284 - 0x14) =  *(_t284 - 0x14) + 1;
                                                                                                                                                                    							_t267 =  *((intOrPtr*)(( *(_t284 - 0x14) << 3) + _t271));
                                                                                                                                                                    							_t227 = _t227 + _t267;
                                                                                                                                                                    							asm("adc [ebp-0x34], eax");
                                                                                                                                                                    							 *((intOrPtr*)(_t273 + 0x50)) =  *((intOrPtr*)(_t273 + 0x50)) + _t267;
                                                                                                                                                                    							asm("adc [edi+0x54], eax");
                                                                                                                                                                    							 *(_t284 - 0x10) =  *(_t284 - 0x10) + 1;
                                                                                                                                                                    						} while ( *(_t284 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t284 + 0x10)) + 0x30)));
                                                                                                                                                                    						goto L14;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				__eflags = _t283;
                                                                                                                                                                    				 *(_t284 - 4) = 8;
                                                                                                                                                                    				if(__eflags != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t283 + 8))(_t283);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t284 - 4) = 7;
                                                                                                                                                                    				E0040C146(_t284 - 0x164, __eflags);
                                                                                                                                                                    				 *(_t284 - 4) = 6;
                                                                                                                                                                    				E00404320(_t284 - 0x70);
                                                                                                                                                                    				 *(_t284 - 4) = 5;
                                                                                                                                                                    				E00404320(_t284 - 0xb0);
                                                                                                                                                                    				 *(_t284 - 4) = 4;
                                                                                                                                                                    				E00404320(_t284 - 0x9c);
                                                                                                                                                                    				 *(_t284 - 4) = 3;
                                                                                                                                                                    				E00404320(_t284 - 0x84);
                                                                                                                                                                    				 *((intOrPtr*)(_t284 - 0x30)) = 0x41b804;
                                                                                                                                                                    				_t279 =  *((intOrPtr*)(_t284 - 0x48));
                                                                                                                                                                    				 *(_t284 - 4) = 0xb;
                                                                                                                                                                    				goto L18;
                                                                                                                                                                    			}
















                                                                                                                                                                    0x0040ea35
                                                                                                                                                                    0x0040ea3c
                                                                                                                                                                    0x0040ea3e
                                                                                                                                                                    0x0040ea41
                                                                                                                                                                    0x0040ea44
                                                                                                                                                                    0x0040ea47
                                                                                                                                                                    0x0040ea50
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040ea29
                                                                                                                                                                    0x0040ea27
                                                                                                                                                                    0x0040eb18
                                                                                                                                                                    0x0040eb1a
                                                                                                                                                                    0x0040eb1e
                                                                                                                                                                    0x0040eb23
                                                                                                                                                                    0x0040eb23
                                                                                                                                                                    0x0040eb2c
                                                                                                                                                                    0x0040eb30
                                                                                                                                                                    0x0040eb38
                                                                                                                                                                    0x0040eb3c
                                                                                                                                                                    0x0040eb47
                                                                                                                                                                    0x0040eb4b
                                                                                                                                                                    0x0040eb56
                                                                                                                                                                    0x0040eb5a
                                                                                                                                                                    0x0040eb65
                                                                                                                                                                    0x0040eb69
                                                                                                                                                                    0x0040eb6e
                                                                                                                                                                    0x0040eb75
                                                                                                                                                                    0x0040eb78
                                                                                                                                                                    0x00000000

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040E7F9
                                                                                                                                                                      • Part of subcall function 0040F836: __EH_prolog.LIBCMT ref: 0040F83B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 4738ff962e9785107ed31fe88165f1dee39d0e58e30ee903f6a79f5ae9fe48da
                                                                                                                                                                    • Instruction ID: 639e188e3e769c4c76ba7ddc7be71c767d86a570cac8f7036ff280b2304c1e48
                                                                                                                                                                    • Opcode Fuzzy Hash: 4738ff962e9785107ed31fe88165f1dee39d0e58e30ee903f6a79f5ae9fe48da
                                                                                                                                                                    • Instruction Fuzzy Hash: 5DC13670900259DFDB14DFA5C985BDEBBB4BF14308F1480AEE945B7282CB786A48CF65
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                                    			E0040F449(intOrPtr* __ecx, void* __eflags) {
                                                                                                                                                                    				char* _t97;
                                                                                                                                                                    				signed char _t104;
                                                                                                                                                                    				intOrPtr* _t106;
                                                                                                                                                                    				signed char _t108;
                                                                                                                                                                    				void* _t114;
                                                                                                                                                                    				void* _t118;
                                                                                                                                                                    				signed char _t122;
                                                                                                                                                                    				void* _t126;
                                                                                                                                                                    				signed int _t139;
                                                                                                                                                                    				intOrPtr* _t146;
                                                                                                                                                                    				void* _t153;
                                                                                                                                                                    				void* _t172;
                                                                                                                                                                    				signed char _t175;
                                                                                                                                                                    				intOrPtr _t177;
                                                                                                                                                                    				intOrPtr* _t180;
                                                                                                                                                                    				signed char _t182;
                                                                                                                                                                    				void* _t183;
                                                                                                                                                                    				void* _t194;
                                                                                                                                                                    				void* _t196;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A5E4, _t183);
                                                                                                                                                                    				_t177 =  *((intOrPtr*)(_t183 + 8));
                                                                                                                                                                    				_t180 = __ecx;
                                                                                                                                                                    				E0040D14E(_t177);
                                                                                                                                                                    				 *((intOrPtr*)(_t177 + 0x138)) =  *((intOrPtr*)(_t180 + 0x20));
                                                                                                                                                                    				 *((intOrPtr*)(_t177 + 0x13c)) =  *((intOrPtr*)(_t180 + 0x24));
                                                                                                                                                                    				_t97 = _t177 + 0x130;
                                                                                                                                                                    				 *_t97 =  *((intOrPtr*)(_t180 + 0x36));
                                                                                                                                                                    				_t145 =  *((intOrPtr*)(_t180 + 0x37));
                                                                                                                                                                    				 *((char*)(_t177 + 0x131)) =  *((intOrPtr*)(_t180 + 0x37));
                                                                                                                                                                    				if( *_t97 != 0) {
                                                                                                                                                                    					E0040D91E(_t145);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t146 = _t180 + 0x3c;
                                                                                                                                                                    				 *((intOrPtr*)(_t183 + 8)) =  *((intOrPtr*)(_t180 + 0x38));
                                                                                                                                                                    				_t139 =  *(_t180 + 0x48);
                                                                                                                                                                    				 *((intOrPtr*)(_t183 - 0x18)) =  *_t146;
                                                                                                                                                                    				 *((intOrPtr*)(_t183 - 0x14)) =  *((intOrPtr*)(_t146 + 4));
                                                                                                                                                                    				 *(_t183 - 0x20) =  *(_t180 + 0x44);
                                                                                                                                                                    				_t172 = 0x14;
                                                                                                                                                                    				 *((intOrPtr*)(_t183 - 0x10)) =  *((intOrPtr*)(_t180 + 0x4c));
                                                                                                                                                                    				if(E00413180(_t146, _t172) !=  *((intOrPtr*)(_t183 + 8))) {
                                                                                                                                                                    					E0040D91E(_t146);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t104 = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t177 + 0x140)) =  *((intOrPtr*)(_t180 + 0x20)) + 0x20;
                                                                                                                                                                    				asm("adc edx, eax");
                                                                                                                                                                    				 *((intOrPtr*)(_t177 + 0x144)) =  *((intOrPtr*)(_t180 + 0x24));
                                                                                                                                                                    				if(( *(_t183 - 0x20) | _t139) != 0) {
                                                                                                                                                                    					if(_t139 > _t104 ||  *(_t183 - 0x20) > 0xffffffff) {
                                                                                                                                                                    						L13:
                                                                                                                                                                    						_t104 = 1;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t194 =  *((intOrPtr*)(_t183 - 0x14)) - _t104;
                                                                                                                                                                    						if(_t194 > 0 || _t194 >= 0 &&  *((intOrPtr*)(_t183 - 0x18)) >= _t104) {
                                                                                                                                                                    							_t153 =  *((intOrPtr*)(_t177 + 0x140)) +  *((intOrPtr*)(_t183 - 0x18));
                                                                                                                                                                    							asm("adc eax, [ebp-0x14]");
                                                                                                                                                                    							_t196 =  *((intOrPtr*)(_t177 + 0x144)) -  *((intOrPtr*)(_t180 + 0x2c));
                                                                                                                                                                    							if(_t196 < 0 || _t196 <= 0 && _t153 <=  *((intOrPtr*)(_t180 + 0x28))) {
                                                                                                                                                                    								_t106 =  *_t180;
                                                                                                                                                                    								_t104 =  *((intOrPtr*)( *_t106 + 0x10))(_t106,  *((intOrPtr*)(_t183 - 0x18)),  *((intOrPtr*)(_t183 - 0x14)), 1, 0);
                                                                                                                                                                    								__eflags = _t104;
                                                                                                                                                                    								if(_t104 == 0) {
                                                                                                                                                                    									 *((intOrPtr*)(_t183 - 0x30)) = 0;
                                                                                                                                                                    									 *((intOrPtr*)(_t183 - 0x2c)) = 0;
                                                                                                                                                                    									 *((intOrPtr*)(_t183 - 0x34)) = 0x41b824;
                                                                                                                                                                    									 *(_t183 - 4) = 0;
                                                                                                                                                                    									E004075EF(_t183 - 0x34,  *(_t183 - 0x20));
                                                                                                                                                                    									_t108 = E00407689(__eflags,  *(_t183 - 0x20));
                                                                                                                                                                    									__eflags = _t108;
                                                                                                                                                                    									if(_t108 == 0) {
                                                                                                                                                                    										_t175 =  *(_t183 - 0x20);
                                                                                                                                                                    										asm("adc ecx, 0x0");
                                                                                                                                                                    										 *((intOrPtr*)(_t180 + 0x50)) =  *((intOrPtr*)(_t180 + 0x50)) + _t175 + 0x20;
                                                                                                                                                                    										asm("adc [esi+0x54], ecx");
                                                                                                                                                                    										_t159 =  *((intOrPtr*)(_t183 - 0x2c));
                                                                                                                                                                    										asm("adc ebx, [ebp-0x14]");
                                                                                                                                                                    										 *((intOrPtr*)(_t177 + 0x1c8)) = _t175 +  *((intOrPtr*)(_t183 - 0x18)) + 0x20;
                                                                                                                                                                    										asm("adc ebx, 0x0");
                                                                                                                                                                    										 *(_t177 + 0x1cc) = _t139;
                                                                                                                                                                    										_t114 = E00413180( *((intOrPtr*)(_t183 - 0x2c)), _t175);
                                                                                                                                                                    										__eflags = _t114 -  *((intOrPtr*)(_t183 - 0x10));
                                                                                                                                                                    										if(_t114 !=  *((intOrPtr*)(_t183 - 0x10))) {
                                                                                                                                                                    											E0040D91E(_t159);
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t183 - 0x24) =  *(_t183 - 0x24) & 0x00000000;
                                                                                                                                                                    										 *(_t183 - 4) = 1;
                                                                                                                                                                    										E0040D8B9(_t180, _t183 - 0x34);
                                                                                                                                                                    										E00403291(_t183 - 0x48, 4);
                                                                                                                                                                    										 *((intOrPtr*)(_t183 - 0x48)) = 0x41b840;
                                                                                                                                                                    										_t162 =  *((intOrPtr*)(_t180 + 0x18));
                                                                                                                                                                    										 *(_t183 - 4) = 2;
                                                                                                                                                                    										_t118 = E0040D9CB( *((intOrPtr*)(_t180 + 0x18)), _t175);
                                                                                                                                                                    										__eflags = _t118 - 1;
                                                                                                                                                                    										if(_t118 != 1) {
                                                                                                                                                                    											L21:
                                                                                                                                                                    											__eflags = _t118 - 0x17;
                                                                                                                                                                    											if(_t118 != 0x17) {
                                                                                                                                                                    												L23:
                                                                                                                                                                    												E0040D91E(_t162);
                                                                                                                                                                    											} else {
                                                                                                                                                                    												__eflags = _t175;
                                                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                                                    													goto L23;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    											_t163 = _t180;
                                                                                                                                                                    											_t122 = E0040E7F4(_t180, _t175, __eflags,  *((intOrPtr*)(_t177 + 0x140)),  *((intOrPtr*)(_t177 + 0x144)), _t177 + 0x150, _t183 - 0x48); // executed
                                                                                                                                                                    											__eflags = _t122;
                                                                                                                                                                    											if(_t122 == 0) {
                                                                                                                                                                    												__eflags =  *(_t183 - 0x40);
                                                                                                                                                                    												if( *(_t183 - 0x40) != 0) {
                                                                                                                                                                    													__eflags =  *(_t183 - 0x40) - 1;
                                                                                                                                                                    													if( *(_t183 - 0x40) > 1) {
                                                                                                                                                                    														E0040D91E(_t163);
                                                                                                                                                                    													}
                                                                                                                                                                    													E0040D80B(_t183 - 0x28);
                                                                                                                                                                    													E0040D8B9(_t180,  *((intOrPtr*)( *((intOrPtr*)(_t183 - 0x3c)))));
                                                                                                                                                                    													_t166 =  *((intOrPtr*)(_t180 + 0x18));
                                                                                                                                                                    													_t126 = E0040D9CB( *((intOrPtr*)(_t180 + 0x18)), _t175);
                                                                                                                                                                    													__eflags = _t126 - 1;
                                                                                                                                                                    													if(_t126 != 1) {
                                                                                                                                                                    														L32:
                                                                                                                                                                    														E0040D91E(_t166);
                                                                                                                                                                    													} else {
                                                                                                                                                                    														__eflags = _t175;
                                                                                                                                                                    														if(_t175 != 0) {
                                                                                                                                                                    															goto L32;
                                                                                                                                                                    														}
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L33;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													 *((intOrPtr*)(_t183 - 0x48)) = 0x41b840;
                                                                                                                                                                    													 *(_t183 - 4) = 4;
                                                                                                                                                                    													_t182 = 0;
                                                                                                                                                                    												}
                                                                                                                                                                    											} else {
                                                                                                                                                                    												 *((intOrPtr*)(_t183 - 0x48)) = 0x41b840;
                                                                                                                                                                    												 *(_t183 - 4) = 3;
                                                                                                                                                                    												goto L34;
                                                                                                                                                                    											}
                                                                                                                                                                    										} else {
                                                                                                                                                                    											__eflags = _t175;
                                                                                                                                                                    											if(_t175 == 0) {
                                                                                                                                                                    												L33:
                                                                                                                                                                    												 *((intOrPtr*)(_t177 + 0x1c0)) =  *((intOrPtr*)(_t180 + 0x50));
                                                                                                                                                                    												 *((intOrPtr*)(_t177 + 0x1c4)) =  *((intOrPtr*)(_t180 + 0x54));
                                                                                                                                                                    												_t122 = E0040EB99(_t180, _t175, _t177); // executed
                                                                                                                                                                    												 *((intOrPtr*)(_t183 - 0x48)) = 0x41b840;
                                                                                                                                                                    												 *(_t183 - 4) = 5;
                                                                                                                                                                    												L34:
                                                                                                                                                                    												_t182 = _t122;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												goto L21;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    										E00404349();
                                                                                                                                                                    										 *(_t183 - 4) = 1;
                                                                                                                                                                    										E00404320(_t183 - 0x48);
                                                                                                                                                                    										_t86 = _t183 - 4;
                                                                                                                                                                    										 *_t86 =  *(_t183 - 4) & 0x00000000;
                                                                                                                                                                    										__eflags =  *_t86;
                                                                                                                                                                    										E0040D80B(_t183 - 0x28);
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t182 = _t108;
                                                                                                                                                                    									}
                                                                                                                                                                    									 *((intOrPtr*)(_t183 - 0x34)) = 0x41b824;
                                                                                                                                                                    									E00403A63( *((intOrPtr*)(_t183 - 0x2c)));
                                                                                                                                                                    									_t104 = _t182;
                                                                                                                                                                    								}
                                                                                                                                                                    							} else {
                                                                                                                                                                    								goto L13;
                                                                                                                                                                    							}
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L13;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t183 - 0xc));
                                                                                                                                                                    				return _t104;
                                                                                                                                                                    			}






















                                                                                                                                                                    0x0040f66f
                                                                                                                                                                    0x0040f675
                                                                                                                                                                    0x0040f675
                                                                                                                                                                    0x0040f671
                                                                                                                                                                    0x0040f671
                                                                                                                                                                    0x0040f673
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f673
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f638
                                                                                                                                                                    0x0040f638
                                                                                                                                                                    0x0040f63b
                                                                                                                                                                    0x0040f63f
                                                                                                                                                                    0x0040f63f
                                                                                                                                                                    0x0040f629
                                                                                                                                                                    0x0040f629
                                                                                                                                                                    0x0040f62c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f62c
                                                                                                                                                                    0x0040f5f1
                                                                                                                                                                    0x0040f5f1
                                                                                                                                                                    0x0040f5f3
                                                                                                                                                                    0x0040f67a
                                                                                                                                                                    0x0040f67e
                                                                                                                                                                    0x0040f689
                                                                                                                                                                    0x0040f68f
                                                                                                                                                                    0x0040f694
                                                                                                                                                                    0x0040f697
                                                                                                                                                                    0x0040f69b
                                                                                                                                                                    0x0040f69b
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f5f3
                                                                                                                                                                    0x0040f6a0
                                                                                                                                                                    0x0040f6a8
                                                                                                                                                                    0x0040f6ac
                                                                                                                                                                    0x0040f6b1
                                                                                                                                                                    0x0040f6b1
                                                                                                                                                                    0x0040f6b1
                                                                                                                                                                    0x0040f6b8
                                                                                                                                                                    0x0040f573
                                                                                                                                                                    0x0040f573
                                                                                                                                                                    0x0040f573
                                                                                                                                                                    0x0040f6c0
                                                                                                                                                                    0x0040f6c7
                                                                                                                                                                    0x0040f6cd
                                                                                                                                                                    0x0040f6cd
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040f4fc
                                                                                                                                                                    0x0040f4f1
                                                                                                                                                                    0x0040f6d5
                                                                                                                                                                    0x0040f6dd

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 9b629b237c488f6570121b27c448209f08593b0ec605445137fe85d2b2ac4caf
                                                                                                                                                                    • Instruction ID: 37dc011919f3b1358f9a833e213d0996983958fb9ee029613f358e4c9ba25a45
                                                                                                                                                                    • Opcode Fuzzy Hash: 9b629b237c488f6570121b27c448209f08593b0ec605445137fe85d2b2ac4caf
                                                                                                                                                                    • Instruction Fuzzy Hash: 3C815C70E00605ABCB24DFA5C881AEEFBB1BF48304F14453EE445B3791D739A949CB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                    			E00408D5E(intOrPtr __ecx) {
                                                                                                                                                                    				intOrPtr _t72;
                                                                                                                                                                    				intOrPtr* _t78;
                                                                                                                                                                    				intOrPtr* _t87;
                                                                                                                                                                    				intOrPtr* _t109;
                                                                                                                                                                    				signed int _t110;
                                                                                                                                                                    				intOrPtr _t137;
                                                                                                                                                                    				intOrPtr* _t140;
                                                                                                                                                                    				void* _t142;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419976, _t142);
                                                                                                                                                                    				_t137 = __ecx;
                                                                                                                                                                    				_push(0x90);
                                                                                                                                                                    				 *((intOrPtr*)(__ecx + 0x28)) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
                                                                                                                                                                    				_t72 = E00403A3D();
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x10)) = _t72;
                                                                                                                                                                    				 *(_t142 - 4) = 0;
                                                                                                                                                                    				if(_t72 == 0) {
                                                                                                                                                                    					_t140 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t140 = E00408F0B(_t72);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t142 - 4) =  *(_t142 - 4) | 0xffffffff;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x10)) = _t140;
                                                                                                                                                                    				if(_t140 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t140 + 4))(_t140);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *((intOrPtr*)(_t140 + 0x7c)) =  *((intOrPtr*)(_t142 + 0x1c));
                                                                                                                                                                    				 *(_t142 - 4) = 1;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x1c)) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x18)) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x14)) = 0;
                                                                                                                                                                    				E0040218D(_t142 - 0x1c, 3);
                                                                                                                                                                    				 *(_t142 - 4) = 2;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x28)) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x24)) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t142 - 0x20)) = 0;
                                                                                                                                                                    				E0040218D(_t142 - 0x28, 3);
                                                                                                                                                                    				 *(_t142 - 4) = 3;
                                                                                                                                                                    				if( *((intOrPtr*)(_t142 + 0x14)) != 0) {
                                                                                                                                                                    					L8:
                                                                                                                                                                    					_t108 =  *((intOrPtr*)(_t142 + 0x18));
                                                                                                                                                                    					_t31 = _t140 + 8; // 0x8
                                                                                                                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t140 + 8)) + 0xc))(_t31,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x18)))));
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t150 =  *((char*)(_t142 + 0x10));
                                                                                                                                                                    					if( *((char*)(_t142 + 0x10)) != 0) {
                                                                                                                                                                    						goto L8;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t108 =  *((intOrPtr*)(_t142 + 0x18));
                                                                                                                                                                    						_push(_t142 - 0x28);
                                                                                                                                                                    						E00405039( *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x18)))), _t142 - 0x1c, _t150);
                                                                                                                                                                    						_push(_t142 - 0x28);
                                                                                                                                                                    						_push(_t142 - 0x1c); // executed
                                                                                                                                                                    						E00409070(_t140, _t150); // executed
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				_t78 = E0040888F(_t137,  *((intOrPtr*)(_t142 + 8)),  *((intOrPtr*)(_t142 + 0xc)),  *((intOrPtr*)(_t142 + 0x10)),  *((intOrPtr*)(_t142 + 0x14)), _t108, _t140); // executed
                                                                                                                                                                    				_t109 = _t78;
                                                                                                                                                                    				if(_t109 == 0) {
                                                                                                                                                                    					_push(_t142 - 0x28);
                                                                                                                                                                    					_push(E00402635(_t142 - 0x34, _t142 - 0x1c));
                                                                                                                                                                    					 *(_t142 - 4) = 4;
                                                                                                                                                                    					E00403981(_t137 + 0x14);
                                                                                                                                                                    					 *(_t142 - 4) = 3;
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t142 - 0x34)));
                                                                                                                                                                    					_t110 = 0;
                                                                                                                                                                    					__eflags =  *((intOrPtr*)(_t140 + 0x70));
                                                                                                                                                                    					if( *((intOrPtr*)(_t140 + 0x70)) > 0) {
                                                                                                                                                                    						do {
                                                                                                                                                                    							_push( *((intOrPtr*)( *((intOrPtr*)(_t140 + 0x74)) + _t110 * 4)));
                                                                                                                                                                    							_push(E00402635(_t142 - 0x34, _t142 - 0x1c));
                                                                                                                                                                    							 *(_t142 - 4) = 5;
                                                                                                                                                                    							E00403981(_t137 + 0x14);
                                                                                                                                                                    							 *(_t142 - 4) = 3;
                                                                                                                                                                    							E00403A63( *((intOrPtr*)(_t142 - 0x34)));
                                                                                                                                                                    							_t110 = _t110 + 1;
                                                                                                                                                                    							__eflags = _t110 -  *((intOrPtr*)(_t140 + 0x70));
                                                                                                                                                                    						} while (_t110 <  *((intOrPtr*)(_t140 + 0x70)));
                                                                                                                                                                    					}
                                                                                                                                                                    					 *((intOrPtr*)(_t137 + 0x28)) =  *((intOrPtr*)(_t140 + 0x88));
                                                                                                                                                                    					 *((intOrPtr*)(_t137 + 0x2c)) =  *((intOrPtr*)(_t140 + 0x8c));
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t142 - 0x28)));
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t142 - 0x1c)));
                                                                                                                                                                    					 *(_t142 - 4) =  *(_t142 - 4) | 0xffffffff;
                                                                                                                                                                    					__eflags = _t140;
                                                                                                                                                                    					if(_t140 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t140 + 8))(_t140);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t87 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t142 - 0x28)));
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t142 - 0x1c)));
                                                                                                                                                                    					 *(_t142 - 4) =  *(_t142 - 4) | 0xffffffff;
                                                                                                                                                                    					if(_t140 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t140 + 8))(_t140);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t87 = _t109;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t142 - 0xc));
                                                                                                                                                                    				return _t87;
                                                                                                                                                                    			}












                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00408D63
                                                                                                                                                                      • Part of subcall function 00408F0B: __EH_prolog.LIBCMT ref: 00408F10
                                                                                                                                                                      • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                                                                                                                                                                      • Part of subcall function 00403981: __EH_prolog.LIBCMT ref: 00403986
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: a7d89c665eca1327a3d631eb112decaf10f5b2416ec706b2aa5d4ac54510d8b8
                                                                                                                                                                    • Instruction ID: 2e5fef73c4a961ecd91826de13bda49669b7ee5ae1afd1ab178ba291f64b6413
                                                                                                                                                                    • Opcode Fuzzy Hash: a7d89c665eca1327a3d631eb112decaf10f5b2416ec706b2aa5d4ac54510d8b8
                                                                                                                                                                    • Instruction Fuzzy Hash: E5516D7190060AEFCF11DFA5C984A9EBBB4BF08314F10462EE556B72D1CB789A45CFA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                    			E0040DB62(void* __ecx, void* __eflags) {
                                                                                                                                                                    				intOrPtr _t46;
                                                                                                                                                                    				intOrPtr* _t51;
                                                                                                                                                                    				intOrPtr _t52;
                                                                                                                                                                    				intOrPtr _t54;
                                                                                                                                                                    				intOrPtr* _t58;
                                                                                                                                                                    				intOrPtr* _t63;
                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                    				intOrPtr _t75;
                                                                                                                                                                    				void* _t78;
                                                                                                                                                                    				void* _t82;
                                                                                                                                                                    				intOrPtr* _t84;
                                                                                                                                                                    				intOrPtr _t88;
                                                                                                                                                                    				void* _t91;
                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                    				intOrPtr _t94;
                                                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                                                    				void* _t97;
                                                                                                                                                                    				intOrPtr _t99;
                                                                                                                                                                    				void* _t100;
                                                                                                                                                                    				void* _t102;
                                                                                                                                                                    				void* _t103;
                                                                                                                                                                    				void* _t105;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A418, _t100);
                                                                                                                                                                    				_t103 = _t102 - 0x18;
                                                                                                                                                                    				_t97 = __ecx;
                                                                                                                                                                    				_t91 = __ecx + 0x30;
                                                                                                                                                                    				_t46 = E00407689(__eflags, 0x20); // executed
                                                                                                                                                                    				if(_t46 == 0) {
                                                                                                                                                                    					if(E0040DCEC(_t91) == 0) {
                                                                                                                                                                    						 *((intOrPtr*)(_t100 - 0x20)) = 0;
                                                                                                                                                                    						 *((intOrPtr*)(_t100 - 0x1c)) = 0;
                                                                                                                                                                    						 *((intOrPtr*)(_t100 - 0x24)) = 0x41b824;
                                                                                                                                                                    						 *((intOrPtr*)(_t100 - 4)) = 0;
                                                                                                                                                                    						E004075EF(_t100 - 0x24, 0x10000);
                                                                                                                                                                    						 *((intOrPtr*)(_t100 - 0x14)) =  *((intOrPtr*)(_t100 - 0x1c));
                                                                                                                                                                    						E00413E60( *((intOrPtr*)(_t100 - 0x1c)), _t91, 0x20);
                                                                                                                                                                    						_t93 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                                                                    						_t67 =  *((intOrPtr*)(_t97 + 0x24));
                                                                                                                                                                    						_t105 = _t103 + 0xc;
                                                                                                                                                                    						while(1) {
                                                                                                                                                                    							L4:
                                                                                                                                                                    							_t84 =  *((intOrPtr*)(_t100 + 0xc));
                                                                                                                                                                    							__eflags = _t84;
                                                                                                                                                                    							if(_t84 == 0) {
                                                                                                                                                                    								goto L8;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t78 = _t93 -  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                                                                    							asm("sbb eax, [esi+0x24]");
                                                                                                                                                                    							__eflags = _t67 -  *((intOrPtr*)(_t84 + 4));
                                                                                                                                                                    							if(__eflags > 0) {
                                                                                                                                                                    								L22:
                                                                                                                                                                    								 *((intOrPtr*)(_t100 - 0x24)) = 0x41b824;
                                                                                                                                                                    								E00403A63( *((intOrPtr*)(_t100 - 0x1c)));
                                                                                                                                                                    								_t46 = 1;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								if(__eflags < 0) {
                                                                                                                                                                    									goto L8;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									__eflags = _t78 -  *_t84;
                                                                                                                                                                    									if(_t78 >  *_t84) {
                                                                                                                                                                    										goto L22;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										goto L8;
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L27;
                                                                                                                                                                    							L8:
                                                                                                                                                                    							_t51 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                                    							_t52 =  *((intOrPtr*)( *_t51 + 0xc))(_t51,  *((intOrPtr*)(_t100 - 0x14)) + 0x20, 0xffe0, _t100 - 0x18);
                                                                                                                                                                    							__eflags = _t52;
                                                                                                                                                                    							if(_t52 != 0) {
                                                                                                                                                                    								L25:
                                                                                                                                                                    								_t99 = _t52;
                                                                                                                                                                    								goto L26;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t75 =  *((intOrPtr*)(_t100 - 0x18));
                                                                                                                                                                    								_push(1);
                                                                                                                                                                    								__eflags = _t75;
                                                                                                                                                                    								if(_t75 == 0) {
                                                                                                                                                                    									_pop(_t99);
                                                                                                                                                                    									L26:
                                                                                                                                                                    									 *((intOrPtr*)(_t100 - 0x24)) = 0x41b824;
                                                                                                                                                                    									E00403A63( *((intOrPtr*)(_t100 - 0x1c)));
                                                                                                                                                                    									_t46 = _t99;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_pop(_t88);
                                                                                                                                                                    									__eflags = _t75 - _t88;
                                                                                                                                                                    									 *((intOrPtr*)(_t100 - 0x10)) = _t88;
                                                                                                                                                                    									if(_t75 < _t88) {
                                                                                                                                                                    										L20:
                                                                                                                                                                    										_t54 =  *((intOrPtr*)(_t100 - 0x14));
                                                                                                                                                                    										goto L21;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										while(1) {
                                                                                                                                                                    											_t54 =  *((intOrPtr*)(_t100 - 0x14));
                                                                                                                                                                    											while(1) {
                                                                                                                                                                    												L14:
                                                                                                                                                                    												__eflags =  *((char*)(_t88 + _t54)) - 0x37;
                                                                                                                                                                    												if( *((char*)(_t88 + _t54)) == 0x37) {
                                                                                                                                                                    													break;
                                                                                                                                                                    												}
                                                                                                                                                                    												__eflags = _t88 - _t75;
                                                                                                                                                                    												if(_t88 > _t75) {
                                                                                                                                                                    													L21:
                                                                                                                                                                    													_t93 = _t93 + _t75;
                                                                                                                                                                    													asm("adc ebx, 0x0");
                                                                                                                                                                    													E00413750(_t54, _t75 + _t54, 0x20);
                                                                                                                                                                    													_t105 = _t105 + 0xc;
                                                                                                                                                                    													goto L4;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													_t88 = _t88 + 1;
                                                                                                                                                                    													 *((intOrPtr*)(_t100 - 0x10)) = _t88;
                                                                                                                                                                    													continue;
                                                                                                                                                                    												}
                                                                                                                                                                    												goto L27;
                                                                                                                                                                    											}
                                                                                                                                                                    											__eflags = _t88 - _t75;
                                                                                                                                                                    											if(_t88 > _t75) {
                                                                                                                                                                    												goto L21;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_t58 = E0040DCEC(_t88 + _t54);
                                                                                                                                                                    												__eflags = _t58;
                                                                                                                                                                    												if(_t58 != 0) {
                                                                                                                                                                    													E00413E60(_t97 + 0x30,  *((intOrPtr*)(_t100 - 0x10)) +  *((intOrPtr*)(_t100 - 0x14)), 0x20);
                                                                                                                                                                    													_t94 = _t93 +  *((intOrPtr*)(_t100 - 0x10));
                                                                                                                                                                    													_t63 =  *((intOrPtr*)(_t100 + 8));
                                                                                                                                                                    													 *((intOrPtr*)(_t97 + 0x20)) = _t94;
                                                                                                                                                                    													_t82 = 0;
                                                                                                                                                                    													asm("adc ebx, ecx");
                                                                                                                                                                    													_t95 = _t94 + 0x20;
                                                                                                                                                                    													__eflags = _t95;
                                                                                                                                                                    													 *((intOrPtr*)(_t97 + 0x24)) = _t67;
                                                                                                                                                                    													asm("adc ebx, ecx");
                                                                                                                                                                    													_t52 =  *((intOrPtr*)( *_t63 + 0x10))(_t63, _t95, _t67, _t82, _t82);
                                                                                                                                                                    													goto L25;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													 *((intOrPtr*)(_t100 - 0x10)) =  *((intOrPtr*)(_t100 - 0x10)) + 1;
                                                                                                                                                                    													_t75 =  *((intOrPtr*)(_t100 - 0x18));
                                                                                                                                                                    													__eflags =  *((intOrPtr*)(_t100 - 0x10)) - _t75;
                                                                                                                                                                    													if( *((intOrPtr*)(_t100 - 0x10)) <= _t75) {
                                                                                                                                                                    														_t88 =  *((intOrPtr*)(_t100 - 0x10));
                                                                                                                                                                    														_t54 =  *((intOrPtr*)(_t100 - 0x14));
                                                                                                                                                                    														goto L14;
                                                                                                                                                                    													} else {
                                                                                                                                                                    														goto L20;
                                                                                                                                                                    													}
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    											goto L27;
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L27;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t46 = 0;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				L27:
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t100 - 0xc));
                                                                                                                                                                    				return _t46;
                                                                                                                                                                    			}

























                                                                                                                                                                    0x0040dbf0
                                                                                                                                                                    0x0040dbf0
                                                                                                                                                                    0x0040dbf2
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dbf2
                                                                                                                                                                    0x0040dbee
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dbf8
                                                                                                                                                                    0x0040dbf8
                                                                                                                                                                    0x0040dc0e
                                                                                                                                                                    0x0040dc11
                                                                                                                                                                    0x0040dc13
                                                                                                                                                                    0x0040dcc7
                                                                                                                                                                    0x0040dcc7
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc19
                                                                                                                                                                    0x0040dc19
                                                                                                                                                                    0x0040dc1c
                                                                                                                                                                    0x0040dc1e
                                                                                                                                                                    0x0040dc20
                                                                                                                                                                    0x0040dc8d
                                                                                                                                                                    0x0040dcc9
                                                                                                                                                                    0x0040dccc
                                                                                                                                                                    0x0040dcd3
                                                                                                                                                                    0x0040dcd9
                                                                                                                                                                    0x0040dc22
                                                                                                                                                                    0x0040dc22
                                                                                                                                                                    0x0040dc23
                                                                                                                                                                    0x0040dc25
                                                                                                                                                                    0x0040dc28
                                                                                                                                                                    0x0040dc5d
                                                                                                                                                                    0x0040dc5d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc2a
                                                                                                                                                                    0x0040dc2f
                                                                                                                                                                    0x0040dc2f
                                                                                                                                                                    0x0040dc32
                                                                                                                                                                    0x0040dc32
                                                                                                                                                                    0x0040dc32
                                                                                                                                                                    0x0040dc36
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc38
                                                                                                                                                                    0x0040dc3a
                                                                                                                                                                    0x0040dc60
                                                                                                                                                                    0x0040dc60
                                                                                                                                                                    0x0040dc64
                                                                                                                                                                    0x0040dc6b
                                                                                                                                                                    0x0040dc70
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc3c
                                                                                                                                                                    0x0040dc3c
                                                                                                                                                                    0x0040dc3d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc3d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc3a
                                                                                                                                                                    0x0040dc42
                                                                                                                                                                    0x0040dc44
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc46
                                                                                                                                                                    0x0040dc49
                                                                                                                                                                    0x0040dc4e
                                                                                                                                                                    0x0040dc50
                                                                                                                                                                    0x0040dc9f
                                                                                                                                                                    0x0040dca7
                                                                                                                                                                    0x0040dcaa
                                                                                                                                                                    0x0040dcaf
                                                                                                                                                                    0x0040dcb2
                                                                                                                                                                    0x0040dcb3
                                                                                                                                                                    0x0040dcb5
                                                                                                                                                                    0x0040dcb5
                                                                                                                                                                    0x0040dcb8
                                                                                                                                                                    0x0040dcbf
                                                                                                                                                                    0x0040dcc4
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc52
                                                                                                                                                                    0x0040dc52
                                                                                                                                                                    0x0040dc55
                                                                                                                                                                    0x0040dc58
                                                                                                                                                                    0x0040dc5b
                                                                                                                                                                    0x0040dc2c
                                                                                                                                                                    0x0040dc2f
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc5b
                                                                                                                                                                    0x0040dc50
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc44
                                                                                                                                                                    0x0040dc2f
                                                                                                                                                                    0x0040dc28
                                                                                                                                                                    0x0040dc20
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040dc13
                                                                                                                                                                    0x0040db98
                                                                                                                                                                    0x0040db98
                                                                                                                                                                    0x0040db98
                                                                                                                                                                    0x0040db96
                                                                                                                                                                    0x0040dcdb
                                                                                                                                                                    0x0040dce1
                                                                                                                                                                    0x0040dce9

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
                                                                                                                                                                    • Instruction ID: 67e57bbcfb5e62c28ba97e2c762051c7e2fb602a8ee489b014dcb5d1e96c76cd
                                                                                                                                                                    • Opcode Fuzzy Hash: 6102bc3ab49ae424949eee4761875b821dd30f392df23a536a372274e60046df
                                                                                                                                                                    • Instruction Fuzzy Hash: DA419EB1E042059BEB14DF99C985ABEB7B5FF48304F14453EE402B7381D7B8A945CBA8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                    			E00401B11(void* __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                                                                                    				signed char** _t64;
                                                                                                                                                                    				char* _t67;
                                                                                                                                                                    				void* _t71;
                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                    				intOrPtr _t74;
                                                                                                                                                                    				void* _t75;
                                                                                                                                                                    				void* _t81;
                                                                                                                                                                    				void* _t83;
                                                                                                                                                                    				char _t84;
                                                                                                                                                                    				signed int _t89;
                                                                                                                                                                    				signed int _t91;
                                                                                                                                                                    				void* _t92;
                                                                                                                                                                    				signed int _t103;
                                                                                                                                                                    				void* _t107;
                                                                                                                                                                    				void* _t109;
                                                                                                                                                                    				void* _t110;
                                                                                                                                                                    				void* _t112;
                                                                                                                                                                    
                                                                                                                                                                    				_t92 = __ecx;
                                                                                                                                                                    				E00413724(E00418E98, _t110);
                                                                                                                                                                    				E00413A90(0x1024, __ecx);
                                                                                                                                                                    				_t64 =  *(_t110 + 0xc);
                                                                                                                                                                    				_t103 = 0;
                                                                                                                                                                    				_t64[1] = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t110 - 0x30)) = __edx;
                                                                                                                                                                    				 *( *_t64) =  *( *_t64) & 0x00000000;
                                                                                                                                                                    				 *(_t110 - 0x1c) =  *(_t110 - 0x1c) | 0xffffffff;
                                                                                                                                                                    				 *(_t110 - 4) = 0;
                                                                                                                                                                    				if(E00405A0F(_t92) != 0) {
                                                                                                                                                                    					 *((intOrPtr*)(_t110 - 0x14)) = 0;
                                                                                                                                                                    					if( *((char*)(__edx)) != 0) {
                                                                                                                                                                    						do {
                                                                                                                                                                    							 *((intOrPtr*)(_t110 - 0x14)) =  *((intOrPtr*)(_t110 - 0x14)) + 1;
                                                                                                                                                                    						} while ( *((char*)( *((intOrPtr*)(_t110 - 0x14)) + __edx)) != 0);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t67 =  *((intOrPtr*)(_t110 + 8));
                                                                                                                                                                    					 *((intOrPtr*)(_t110 - 0x18)) = _t103;
                                                                                                                                                                    					if( *_t67 != 0) {
                                                                                                                                                                    						do {
                                                                                                                                                                    							 *((intOrPtr*)(_t110 - 0x18)) =  *((intOrPtr*)(_t110 - 0x18)) + 1;
                                                                                                                                                                    						} while ( *((char*)( *((intOrPtr*)(_t110 - 0x18)) + _t67)) != 0);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t107 = 0;
                                                                                                                                                                    					 *(_t110 - 0xd) =  *(_t110 - 0xd) & 0x00000000;
                                                                                                                                                                    					 *((intOrPtr*)(_t110 - 0x24)) = _t103;
                                                                                                                                                                    					 *((intOrPtr*)(_t110 - 0x20)) = _t103;
                                                                                                                                                                    					while(1) {
                                                                                                                                                                    						L8:
                                                                                                                                                                    						_t71 = E00405A6C(_t110 - 0x1c, _t110 + _t107 - 0x1030, 0x1000 - _t107, _t110 - 0x28); // executed
                                                                                                                                                                    						if(_t71 == 0) {
                                                                                                                                                                    							break;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t74 =  *((intOrPtr*)(_t110 - 0x28));
                                                                                                                                                                    						if(_t74 == _t103) {
                                                                                                                                                                    							L23:
                                                                                                                                                                    							_t89 = 1;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t109 = _t107 + _t74;
                                                                                                                                                                    							_t91 = _t110 - 0x1030;
                                                                                                                                                                    							while(1) {
                                                                                                                                                                    								_t75 = _t109;
                                                                                                                                                                    								if( *(_t110 - 0xd) != 0) {
                                                                                                                                                                    								}
                                                                                                                                                                    								L12:
                                                                                                                                                                    								if(_t103 > _t75 -  *((intOrPtr*)(_t110 - 0x18))) {
                                                                                                                                                                    									L20:
                                                                                                                                                                    									_t107 = _t109 - _t103;
                                                                                                                                                                    									 *((intOrPtr*)(_t110 - 0x24)) =  *((intOrPtr*)(_t110 - 0x24)) + _t103;
                                                                                                                                                                    									asm("adc dword [ebp-0x20], 0x0");
                                                                                                                                                                    									E00413750(_t110 - 0x1030, _t110 + _t103 - 0x1030, _t107);
                                                                                                                                                                    									_t112 = _t112 + 0xc;
                                                                                                                                                                    									if( *((intOrPtr*)(_t110 - 0x20)) > 0 ||  *((intOrPtr*)(_t110 - 0x24)) > 0x100000) {
                                                                                                                                                                    										_t89 = _t91 & 0xffffff00 | ( *(_t110 + 0xc))[1] == 0x00000000;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t103 = 0;
                                                                                                                                                                    										goto L8;
                                                                                                                                                                    									}
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t83 = E004132A0(_t91,  *((intOrPtr*)(_t110 + 8)),  *((intOrPtr*)(_t110 - 0x18)));
                                                                                                                                                                    									_t112 = _t112 + 0xc;
                                                                                                                                                                    									if(_t83 == 0) {
                                                                                                                                                                    										goto L23;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t84 =  *_t91;
                                                                                                                                                                    										 *((char*)(_t110 - 0x2c)) = _t84;
                                                                                                                                                                    										if(_t84 == 0) {
                                                                                                                                                                    											goto L24;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											E00401F02( *(_t110 + 0xc),  *((intOrPtr*)(_t110 - 0x2c)));
                                                                                                                                                                    											L16:
                                                                                                                                                                    											_t103 = _t103 + 1;
                                                                                                                                                                    											_t91 = _t91 + 1;
                                                                                                                                                                    											while(1) {
                                                                                                                                                                    												_t75 = _t109;
                                                                                                                                                                    												if( *(_t110 - 0xd) != 0) {
                                                                                                                                                                    												}
                                                                                                                                                                    												goto L17;
                                                                                                                                                                    											}
                                                                                                                                                                    											goto L12;
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L25;
                                                                                                                                                                    								L17:
                                                                                                                                                                    								if(_t103 > _t75 -  *((intOrPtr*)(_t110 - 0x14))) {
                                                                                                                                                                    									goto L20;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t81 = E004132A0(_t91,  *((intOrPtr*)(_t110 - 0x30)),  *((intOrPtr*)(_t110 - 0x14)));
                                                                                                                                                                    									_t112 = _t112 + 0xc;
                                                                                                                                                                    									if(_t81 != 0) {
                                                                                                                                                                    										goto L16;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t103 = _t103 +  *((intOrPtr*)(_t110 - 0x14));
                                                                                                                                                                    										_t91 = _t91 +  *((intOrPtr*)(_t110 - 0x14));
                                                                                                                                                                    										 *(_t110 - 0xd) = 1;
                                                                                                                                                                    										continue;
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L26;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L25;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						L25:
                                                                                                                                                                    						 *(_t110 - 4) =  *(_t110 - 4) | 0xffffffff;
                                                                                                                                                                    						E0040588D(_t110 - 0x1c);
                                                                                                                                                                    						_t73 = _t89;
                                                                                                                                                                    						goto L26;
                                                                                                                                                                    					}
                                                                                                                                                                    					L24:
                                                                                                                                                                    					_t89 = 0;
                                                                                                                                                                    					goto L25;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					 *(_t110 - 4) =  *(_t110 - 4) | 0xffffffff;
                                                                                                                                                                    					E0040588D(_t110 - 0x1c);
                                                                                                                                                                    					_t73 = 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				L26:
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0xc));
                                                                                                                                                                    				return _t73;
                                                                                                                                                                    			}

                                                                                                                                                                    0x00401bd9
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401bd3
                                                                                                                                                                    0x00401bfc
                                                                                                                                                                    0x00401bf3
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c0d
                                                                                                                                                                    0x00401c12
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c14
                                                                                                                                                                    0x00401c1b
                                                                                                                                                                    0x00401c20
                                                                                                                                                                    0x00401c25
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c27
                                                                                                                                                                    0x00401c27
                                                                                                                                                                    0x00401c2a
                                                                                                                                                                    0x00401c2d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c2d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c25
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c12
                                                                                                                                                                    0x00401bd3
                                                                                                                                                                    0x00401c79
                                                                                                                                                                    0x00401c79
                                                                                                                                                                    0x00401c80
                                                                                                                                                                    0x00401c85
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401c87
                                                                                                                                                                    0x00401c77
                                                                                                                                                                    0x00401c77
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00401b4d
                                                                                                                                                                    0x00401b4d
                                                                                                                                                                    0x00401b54
                                                                                                                                                                    0x00401b59
                                                                                                                                                                    0x00401b59
                                                                                                                                                                    0x00401c88
                                                                                                                                                                    0x00401c8d
                                                                                                                                                                    0x00401c95

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
                                                                                                                                                                    • Instruction ID: dc66995ee082b2e59fd72de07b50a9d1ecefa8465c91578acc64d6d85ae5b981
                                                                                                                                                                    • Opcode Fuzzy Hash: 4a7b8dc75b00dab3078b6f2c0b685c16519ae0cc3006f02a661cb725d39e4b70
                                                                                                                                                                    • Instruction Fuzzy Hash: 7A51D071C042499FDF21DFA4C940BEEBBB4AF05394F14416AE851732E2E7789A41CB68
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                    			E00402EFE(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                    				intOrPtr _t57;
                                                                                                                                                                    				void* _t73;
                                                                                                                                                                    				intOrPtr _t90;
                                                                                                                                                                    				void* _t109;
                                                                                                                                                                    				intOrPtr _t115;
                                                                                                                                                                    				intOrPtr _t116;
                                                                                                                                                                    				void* _t118;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419039, _t118);
                                                                                                                                                                    				 *((char*)( *((intOrPtr*)(_t118 + 0x10)))) = 0;
                                                                                                                                                                    				E0040335F(_t118 - 0x94);
                                                                                                                                                                    				 *(_t118 - 4) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t118 - 0x94)) = __ecx;
                                                                                                                                                                    				E00401DAF(_t118 - 0x90, __edx);
                                                                                                                                                                    				E00401DAF(_t118 - 0x84,  *((intOrPtr*)(_t118 + 8)));
                                                                                                                                                                    				_push(0xf0);
                                                                                                                                                                    				_t90 = E00403A3D();
                                                                                                                                                                    				 *((intOrPtr*)(_t118 + 8)) = _t90;
                                                                                                                                                                    				 *(_t118 - 4) = 1;
                                                                                                                                                                    				if(_t90 == 0) {
                                                                                                                                                                    					_t57 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t57 = E004034CC(_t90);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t118 - 4) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t118 - 0x78)) = _t57;
                                                                                                                                                                    				E004062E7(_t118 - 0x74, _t57);
                                                                                                                                                                    				if( *((intOrPtr*)(_t118 + 0xc)) == 0) {
                                                                                                                                                                    					E004030FC(_t118 - 0x94, __eflags);
                                                                                                                                                                    					goto L8;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t118 - 0x78)) + 0xd8)) = 1;
                                                                                                                                                                    					 *((intOrPtr*)(_t118 + 0xc)) = 0;
                                                                                                                                                                    					 *(_t118 - 4) = 2;
                                                                                                                                                                    					_t116 = E00412FF0(_t118 + 0xc, E004032CA, _t118 - 0x94);
                                                                                                                                                                    					if(_t116 == 0) {
                                                                                                                                                                    						 *((intOrPtr*)(_t118 - 0x18)) = 0;
                                                                                                                                                                    						 *((intOrPtr*)(_t118 - 0x14)) = 0;
                                                                                                                                                                    						 *((intOrPtr*)(_t118 - 0x10)) = 0;
                                                                                                                                                                    						E0040218D(_t118 - 0x18, 3);
                                                                                                                                                                    						_t109 = 0x45;
                                                                                                                                                                    						 *(_t118 - 4) = 3;
                                                                                                                                                                    						_t73 = E00405ED1(_t109);
                                                                                                                                                                    						 *(_t118 - 4) = 4;
                                                                                                                                                                    						E00401DAF(_t118 - 0x18, _t73);
                                                                                                                                                                    						 *(_t118 - 4) = 3;
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t118 - 0x24)));
                                                                                                                                                                    						E00403086( *((intOrPtr*)(_t118 - 0x78)), _t118 - 0x18, _t118 + 0xc); // executed
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t118 - 0x18)));
                                                                                                                                                                    						 *(_t118 - 4) = 0;
                                                                                                                                                                    						E00412FB0(_t118 + 0xc);
                                                                                                                                                                    						L8:
                                                                                                                                                                    						_t115 =  *((intOrPtr*)(_t118 + 0x14));
                                                                                                                                                                    						E00401DAF(_t115, _t118 - 0x30);
                                                                                                                                                                    						__eflags =  *((intOrPtr*)(_t115 + 4));
                                                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t118 - 0x78)) + 0xe4;
                                                                                                                                                                    							E00401DAF(_t115,  *((intOrPtr*)(_t118 - 0x78)) + 0xe4);
                                                                                                                                                                    						}
                                                                                                                                                                    						_t116 =  *((intOrPtr*)(_t118 - 0x34));
                                                                                                                                                                    						 *((char*)( *((intOrPtr*)(_t118 + 0x10)))) =  *((intOrPtr*)( *((intOrPtr*)(_t118 - 0x78)) + 0xe0));
                                                                                                                                                                    					} else {
                                                                                                                                                                    						E00412FB0(_t118 + 0xc);
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t118 - 4) =  *(_t118 - 4) | 0xffffffff;
                                                                                                                                                                    				E00403473(_t118 - 0x94,  *(_t118 - 4)); // executed
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t118 - 0xc));
                                                                                                                                                                    				return _t116;
                                                                                                                                                                    			}










                                                                                                                                                                    0x00402fd6
                                                                                                                                                                    0x00402fd7
                                                                                                                                                                    0x00402fdb
                                                                                                                                                                    0x00402fe4
                                                                                                                                                                    0x00402fe8
                                                                                                                                                                    0x00402fed
                                                                                                                                                                    0x00402ff4
                                                                                                                                                                    0x00403005
                                                                                                                                                                    0x0040300d
                                                                                                                                                                    0x00403013
                                                                                                                                                                    0x00403019
                                                                                                                                                                    0x0040302b
                                                                                                                                                                    0x0040302b
                                                                                                                                                                    0x00403034
                                                                                                                                                                    0x00403039
                                                                                                                                                                    0x0040303c
                                                                                                                                                                    0x00403043
                                                                                                                                                                    0x00403049
                                                                                                                                                                    0x00403049
                                                                                                                                                                    0x00403054
                                                                                                                                                                    0x0040305d
                                                                                                                                                                    0x00402fb1
                                                                                                                                                                    0x00402fb4
                                                                                                                                                                    0x00402fb4
                                                                                                                                                                    0x00402faf
                                                                                                                                                                    0x0040305f
                                                                                                                                                                    0x00403069
                                                                                                                                                                    0x00403076
                                                                                                                                                                    0x0040307e

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00402F03
                                                                                                                                                                      • Part of subcall function 0040335F: __EH_prolog.LIBCMT ref: 00403364
                                                                                                                                                                      • Part of subcall function 004034CC: __EH_prolog.LIBCMT ref: 004034D1
                                                                                                                                                                      • Part of subcall function 00403086: __EH_prolog.LIBCMT ref: 0040308B
                                                                                                                                                                      • Part of subcall function 00403086: ShowWindow.USER32(004149B4,00000001,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 004030E4
                                                                                                                                                                      • Part of subcall function 00412FB0: FindCloseChangeNotification.KERNELBASE(00000000,00000000,0040301E,?,?,00000000,00000003,?,00000000,?,?,00000003,00000000,00000000), ref: 00412FBA
                                                                                                                                                                      • Part of subcall function 00412FB0: GetLastError.KERNEL32(?,00000003,00000000,00000000), ref: 00412FC4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog$ChangeCloseErrorFindLastNotificationShowWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4218304303-0
                                                                                                                                                                    • Opcode ID: 03af04828066c1c60b316f1f38589fe52917e01f11487da650230ab208b49848
                                                                                                                                                                    • Instruction ID: 576321bfec054c9ee934bf83a6d4a944d332aa9064831fab6676e01313dc7821
                                                                                                                                                                    • Opcode Fuzzy Hash: 03af04828066c1c60b316f1f38589fe52917e01f11487da650230ab208b49848
                                                                                                                                                                    • Instruction Fuzzy Hash: FF419C71900248DBCB11EFA5C991AEDBBB4AF04304F1080BFE90AB72D2DA785B45CB59
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0040C557(void* __ecx) {
                                                                                                                                                                    				intOrPtr _t59;
                                                                                                                                                                    				intOrPtr* _t60;
                                                                                                                                                                    				intOrPtr _t61;
                                                                                                                                                                    				intOrPtr _t64;
                                                                                                                                                                    				intOrPtr* _t66;
                                                                                                                                                                    				intOrPtr _t68;
                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                    				intOrPtr _t70;
                                                                                                                                                                    				intOrPtr* _t72;
                                                                                                                                                                    				intOrPtr _t83;
                                                                                                                                                                    				signed int _t97;
                                                                                                                                                                    				void* _t100;
                                                                                                                                                                    				intOrPtr* _t101;
                                                                                                                                                                    				intOrPtr _t102;
                                                                                                                                                                    				void* _t104;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A118, _t104);
                                                                                                                                                                    				_t100 = __ecx;
                                                                                                                                                                    				_t59 =  *((intOrPtr*)(__ecx + 0x28));
                                                                                                                                                                    				if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x18)) + 0xc)) + _t59)) == 0) {
                                                                                                                                                                    					 *(_t104 - 0x10) = 2;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					 *(_t104 - 0x10) = 0 |  *((intOrPtr*)(__ecx + 0x2c)) != 0x00000000;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *((intOrPtr*)(_t104 - 0x14)) = 0;
                                                                                                                                                                    				_t97 =  *((intOrPtr*)(_t100 + 0x24)) + _t59;
                                                                                                                                                                    				_t60 =  *((intOrPtr*)(_t100 + 0x1c));
                                                                                                                                                                    				 *(_t104 - 4) = 0;
                                                                                                                                                                    				_t61 =  *((intOrPtr*)( *_t60 + 0x14))(_t60,  *((intOrPtr*)(_t100 + 0x20)) + _t97, _t104 - 0x14,  *(_t104 - 0x10));
                                                                                                                                                                    				 *((intOrPtr*)(_t104 - 0x18)) = _t61;
                                                                                                                                                                    				if(_t61 == 0) {
                                                                                                                                                                    					E004062E7( *((intOrPtr*)(_t100 + 0xc)) + 8,  *((intOrPtr*)(_t104 - 0x14)));
                                                                                                                                                                    					_t64 =  *((intOrPtr*)(_t100 + 0xc));
                                                                                                                                                                    					 *(_t64 + 0x18) =  *(_t64 + 0x18) | 0xffffffff;
                                                                                                                                                                    					 *((intOrPtr*)(_t64 + 0x10)) = 0;
                                                                                                                                                                    					 *((intOrPtr*)(_t64 + 0x14)) = 0;
                                                                                                                                                                    					 *((char*)(_t64 + 0x1c)) =  *((intOrPtr*)(_t100 + 0x2d));
                                                                                                                                                                    					_t83 =  *((intOrPtr*)(_t100 + 0x14));
                                                                                                                                                                    					 *((char*)(_t100 + 0x2e)) = 1;
                                                                                                                                                                    					_t66 =  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x70)) + _t97 * 4));
                                                                                                                                                                    					 *((intOrPtr*)(_t100 + 0x30)) =  *_t66;
                                                                                                                                                                    					 *((intOrPtr*)(_t100 + 0x34)) =  *((intOrPtr*)(_t66 + 4));
                                                                                                                                                                    					if( *(_t104 - 0x10) == 0 &&  *((intOrPtr*)(_t104 - 0x14)) == 0 && (_t97 >=  *((intOrPtr*)(_t83 + 0x120)) ||  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x124)) + _t97)) == 0) &&  *((intOrPtr*)(_t66 + 0x1d)) == 0) {
                                                                                                                                                                    						 *(_t104 - 0x10) = 2;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t101 =  *((intOrPtr*)(_t100 + 0x1c));
                                                                                                                                                                    					_t68 =  *((intOrPtr*)( *_t101 + 0x18))(_t101,  *(_t104 - 0x10));
                                                                                                                                                                    					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
                                                                                                                                                                    					_t102 = _t68;
                                                                                                                                                                    					_t69 =  *((intOrPtr*)(_t104 - 0x14));
                                                                                                                                                                    					if(_t69 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t69 + 8))(_t69);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t70 = _t102;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t72 =  *((intOrPtr*)(_t104 - 0x14));
                                                                                                                                                                    					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
                                                                                                                                                                    					if(_t72 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t70 =  *((intOrPtr*)(_t104 - 0x18));
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t104 - 0xc));
                                                                                                                                                                    				return _t70;
                                                                                                                                                                    			}


















                                                                                                                                                                    0x0040c5b8
                                                                                                                                                                    0x0040c5be
                                                                                                                                                                    0x0040c5c3
                                                                                                                                                                    0x0040c5c3
                                                                                                                                                                    0x0040c5c6
                                                                                                                                                                    0x0040c5c6
                                                                                                                                                                    0x0040c657
                                                                                                                                                                    0x0040c65f

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
                                                                                                                                                                    • Instruction ID: 41554ca9dc53ee1e5d6d797d633c48513fe02739bc2a4d97afccdd4c6a3ff44e
                                                                                                                                                                    • Opcode Fuzzy Hash: 039900a8d840d8f65cf18cf377fd5bff5d9e595a8fad608146d0eb9be483e555
                                                                                                                                                                    • Instruction Fuzzy Hash: 89416C71A00645DFCB24CF68C48486ABBF1FF48314B244AAED096AB791C731ED46CF91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                    			E0040CF82() {
                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                    				intOrPtr _t50;
                                                                                                                                                                    				void* _t61;
                                                                                                                                                                    				intOrPtr* _t62;
                                                                                                                                                                    				void* _t75;
                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                    				void* _t79;
                                                                                                                                                                    				intOrPtr* _t80;
                                                                                                                                                                    				void* _t82;
                                                                                                                                                                    				void* _t84;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A338, _t82);
                                                                                                                                                                    				 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                                                    				_t62 =  *((intOrPtr*)(_t82 + 8));
                                                                                                                                                                    				 *((intOrPtr*)(_t82 - 0x10)) = _t84 - 0x60;
                                                                                                                                                                    				 *((intOrPtr*)( *_t62 + 0x10))(_t62, _t75, _t79, _t61);
                                                                                                                                                                    				_t80 =  *((intOrPtr*)(_t82 + 0x14));
                                                                                                                                                                    				 *(_t82 - 4) = 1;
                                                                                                                                                                    				_t87 = _t80;
                                                                                                                                                                    				 *((intOrPtr*)(_t82 - 0x14)) = _t80;
                                                                                                                                                                    				if(_t80 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t80 + 4))(_t80);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *(_t82 - 0x6c) =  *(_t82 - 0x6c) & 0x00000000;
                                                                                                                                                                    				 *(_t82 - 4) = 3;
                                                                                                                                                                    				E00402172(_t82 - 0x68);
                                                                                                                                                                    				 *((intOrPtr*)(_t82 - 0x68)) = 0x41b814;
                                                                                                                                                                    				_push( *((intOrPtr*)(_t82 + 0x10)));
                                                                                                                                                                    				 *(_t82 - 4) = 4;
                                                                                                                                                                    				_t76 = E0040DD29(_t82 - 0x6c, _t82, _t87,  *((intOrPtr*)(_t82 + 0xc)));
                                                                                                                                                                    				_t88 = _t76;
                                                                                                                                                                    				if(_t76 == 0) {
                                                                                                                                                                    					_t77 = _t62 + 0x10;
                                                                                                                                                                    					_push(_t62 + 0x10); // executed
                                                                                                                                                                    					_t44 = E0040F6E0(_t82 - 0x6c, __eflags); // executed
                                                                                                                                                                    					__eflags = _t44;
                                                                                                                                                                    					 *((intOrPtr*)(_t82 + 0x14)) = _t44;
                                                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                                                    						E0040F2D9(_t77);
                                                                                                                                                                    						E0040F31B();
                                                                                                                                                                    						E0040F370(_t77);
                                                                                                                                                                    						E004062E7(_t62 + 8,  *((intOrPtr*)(_t82 + 0xc)));
                                                                                                                                                                    						 *(_t82 - 4) = 2;
                                                                                                                                                                    						E0040D0A6(_t82 - 0x6c, __eflags);
                                                                                                                                                                    						__eflags = _t80;
                                                                                                                                                                    						 *(_t82 - 4) = 1;
                                                                                                                                                                    						if(_t80 != 0) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t80 + 8))(_t80);
                                                                                                                                                                    						}
                                                                                                                                                                    						_t50 = 0;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						 *(_t82 - 4) = 2;
                                                                                                                                                                    						E0040D0A6(_t82 - 0x6c, __eflags);
                                                                                                                                                                    						__eflags = _t80;
                                                                                                                                                                    						 *(_t82 - 4) = 1;
                                                                                                                                                                    						if(_t80 != 0) {
                                                                                                                                                                    							 *((intOrPtr*)( *_t80 + 8))(_t80);
                                                                                                                                                                    						}
                                                                                                                                                                    						_t50 =  *((intOrPtr*)(_t82 + 0x14));
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					 *(_t82 - 4) = 2;
                                                                                                                                                                    					E0040D0A6(_t82 - 0x6c, _t88);
                                                                                                                                                                    					 *(_t82 - 4) = 1;
                                                                                                                                                                    					if(_t80 != 0) {
                                                                                                                                                                    						 *((intOrPtr*)( *_t80 + 8))(_t80);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t50 = _t76;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0xc));
                                                                                                                                                                    				return _t50;
                                                                                                                                                                    			}














APIs
• __EH_prolog.LIBCMT ref: 0040CF87
  • Part of subcall function 0040F6E0: __EH_prolog.LIBCMT ref: 0040F6E5
  • Part of subcall function 0040D0A6: __EH_prolog.LIBCMT ref: 0040D0AB
Memory Dump Source
• Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
• Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
Similarity
• API ID: H_prolog
• String ID:
• API String ID: 3519838083-0
• Opcode ID: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
• Instruction ID: 59bb91874275df73172cd70bf395014d1b371f9bee4586dc4e729df687399cc5
• Opcode Fuzzy Hash: 247e6e783af1532b670e604df5ee4666ee67329ca8b2db34e45a1f618534d241
• Instruction Fuzzy Hash: 87319630D01248DFCB11DFA9C548BEDBBB5AF15308F14406EE8457B381C7789A49DB66
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                                                    			E004061BF(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                    				intOrPtr _t26;
                                                                                                                                                                    				void* _t31;
                                                                                                                                                                    				void* _t32;
                                                                                                                                                                    				intOrPtr _t42;
                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                    				void* _t58;
                                                                                                                                                                    				intOrPtr* _t59;
                                                                                                                                                                    				void* _t60;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041959A, _t60);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_t26 =  *0x423290; // 0x5
                                                                                                                                                                    				 *((intOrPtr*)(_t60 - 0x14)) = __edx;
                                                                                                                                                                    				_t50 = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t60 - 0x10)) = __ecx;
                                                                                                                                                                    				if(_t26 <= 0) {
                                                                                                                                                                    					L17:
                                                                                                                                                                    					if( *((intOrPtr*)(_t60 + 0x18)) != 0) {
                                                                                                                                                                    						_t53 =  *((intOrPtr*)(_t60 - 0x10));
                                                                                                                                                                    						if( *( *((intOrPtr*)(_t60 - 0x10))) != 0) {
                                                                                                                                                                    							_push(0x60);
                                                                                                                                                                    							_t42 = E00403A3D();
                                                                                                                                                                    							 *((intOrPtr*)(_t60 + 0x14)) = _t42;
                                                                                                                                                                    							 *(_t60 - 4) = 0;
                                                                                                                                                                    							if(_t42 == 0) {
                                                                                                                                                                    								_t58 = 0;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t31 = E004066FD(_t42); // executed
                                                                                                                                                                    								_t58 = _t31;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
                                                                                                                                                                    							E004062E7( *((intOrPtr*)(_t60 - 0x14)), _t58);
                                                                                                                                                                    							_t22 = _t58 + 0x58; // 0x58
                                                                                                                                                                    							E004062E7(_t22,  *_t53);
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0xc));
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t45 = 0x423190;
                                                                                                                                                                    					do {
                                                                                                                                                                    						_t59 =  *_t45;
                                                                                                                                                                    						if( *((intOrPtr*)(_t59 + 8)) ==  *((intOrPtr*)(_t60 + 8)) &&  *((intOrPtr*)(_t59 + 0xc)) ==  *((intOrPtr*)(_t60 + 0xc))) {
                                                                                                                                                                    							if( *((intOrPtr*)(_t60 + 0x14)) == 0) {
                                                                                                                                                                    								if( *_t59 != 0) {
                                                                                                                                                                    									_t32 =  *_t59();
                                                                                                                                                                    									L11:
                                                                                                                                                                    									if( *((intOrPtr*)(_t59 + 0x18)) == 0) {
                                                                                                                                                                    										_push(_t32);
                                                                                                                                                                    										if( *((intOrPtr*)(_t59 + 0x14)) != 1) {
                                                                                                                                                                    											E004062E7( *((intOrPtr*)(_t60 + 0x10)));
                                                                                                                                                                    										} else {
                                                                                                                                                                    											E004062E7( *((intOrPtr*)(_t60 - 0x14)));
                                                                                                                                                                    										}
                                                                                                                                                                    									} else {
                                                                                                                                                                    										E004062E7( *((intOrPtr*)(_t60 - 0x10)), _t32);
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L17;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L8;
                                                                                                                                                                    							}
                                                                                                                                                                    							if( *((intOrPtr*)(_t59 + 4)) != 0) {
                                                                                                                                                                    								_t32 =  *((intOrPtr*)(_t59 + 4))();
                                                                                                                                                                    								goto L11;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								goto L8;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						L8:
                                                                                                                                                                    						_t50 = _t50 + 1;
                                                                                                                                                                    						_t45 = _t45 + 4;
                                                                                                                                                                    					} while (_t50 < _t26);
                                                                                                                                                                    					goto L17;
                                                                                                                                                                    				}
                                                                                                                                                                    			}













                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 04bfb4e6687a3d80e002f7d17c42c29bcd668ab7ffb01b2ce04c518ed3074d59
                                                                                                                                                                    • Instruction ID: a24cbab5944e5cd80d4d0b45cab95027a2511e7323fd1c0fe5e5f9bfcab47c11
                                                                                                                                                                    • Opcode Fuzzy Hash: 04bfb4e6687a3d80e002f7d17c42c29bcd668ab7ffb01b2ce04c518ed3074d59
                                                                                                                                                                    • Instruction Fuzzy Hash: 97218F71A05246DBCB24FFA5C44046FB7A1AB4130472285BFE053772C1C738AE61CB6A
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 24%
                                                                                                                                                                    			E00413C73(unsigned int _a4) {
                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                    				void* _v32;
                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                    				void* _t20;
                                                                                                                                                                    				signed char _t22;
                                                                                                                                                                    				void* _t23;
                                                                                                                                                                    				void* _t24;
                                                                                                                                                                    				void* _t36;
                                                                                                                                                                    				unsigned int _t44;
                                                                                                                                                                    				unsigned int _t46;
                                                                                                                                                                    				intOrPtr _t47;
                                                                                                                                                                    				void* _t50;
                                                                                                                                                                    
                                                                                                                                                                    				_push(0xffffffff);
                                                                                                                                                                    				_push(0x41b990);
                                                                                                                                                                    				_push(E004147FC);
                                                                                                                                                                    				_push( *[fs:0x0]);
                                                                                                                                                                    				 *[fs:0x0] = _t47;
                                                                                                                                                                    				_t19 =  *0x425a58; // 0x1
                                                                                                                                                                    				if(_t19 != 3) {
                                                                                                                                                                    					__eflags = _t19 - 2;
                                                                                                                                                                    					if(_t19 != 2) {
                                                                                                                                                                    						goto L11;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t24 = _a4;
                                                                                                                                                                    						__eflags = _t24;
                                                                                                                                                                    						if(_t24 == 0) {
                                                                                                                                                                    							_t44 = 0x10;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t9 = _t24 + 0xf; // 0xf
                                                                                                                                                                    							_t44 = _t9 & 0xfffffff0;
                                                                                                                                                                    						}
                                                                                                                                                                    						_a4 = _t44;
                                                                                                                                                                    						__eflags = _t44 -  *0x42285c; // 0x1e0
                                                                                                                                                                    						if(__eflags > 0) {
                                                                                                                                                                    							L10:
                                                                                                                                                                    							_push(_t44);
                                                                                                                                                                    							goto L14;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							E004154DA(9);
                                                                                                                                                                    							_pop(_t36);
                                                                                                                                                                    							_v8 = 1;
                                                                                                                                                                    							_v32 = E00416664(_t36, _t44 >> 4);
                                                                                                                                                                    							_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    							E00413D39();
                                                                                                                                                                    							_t23 = _v32;
                                                                                                                                                                    							__eflags = _t23;
                                                                                                                                                                    							if(_t23 == 0) {
                                                                                                                                                                    								goto L10;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t46 = _a4;
                                                                                                                                                                    					_t50 = _t46 -  *0x425a50; // 0x0
                                                                                                                                                                    					if(_t50 > 0) {
                                                                                                                                                                    						L11:
                                                                                                                                                                    						_t20 = _a4;
                                                                                                                                                                    						__eflags = _t20;
                                                                                                                                                                    						if(_t20 == 0) {
                                                                                                                                                                    							_t20 = 1;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t22 = _t20 + 0x0000000f & 0x000000f0;
                                                                                                                                                                    						__eflags = _t22;
                                                                                                                                                                    						_push(_t22);
                                                                                                                                                                    						L14:
                                                                                                                                                                    						_push(0);
                                                                                                                                                                    						_t23 = RtlAllocateHeap( *0x425a54); // executed
                                                                                                                                                                    					} else {
                                                                                                                                                                    						E004154DA(9);
                                                                                                                                                                    						_v8 = _v8 & 0x00000000;
                                                                                                                                                                    						_push(_t46);
                                                                                                                                                                    						_v32 = E00415BC1();
                                                                                                                                                                    						_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    						E00413CDA();
                                                                                                                                                                    						_t23 = _v32;
                                                                                                                                                                    						if(_t23 == 0) {
                                                                                                                                                                    							goto L11;
                                                                                                                                                                    						} else {
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] = _v20;
                                                                                                                                                                    				return _t23;
                                                                                                                                                                    			}

















                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00413D5A
                                                                                                                                                                      • Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
                                                                                                                                                                      • Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1616793339-0
                                                                                                                                                                    • Opcode ID: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
                                                                                                                                                                    • Instruction ID: 026ee179866774db734838c78619ddc809868a86b22b68076f663e2312d1f49b
                                                                                                                                                                    • Opcode Fuzzy Hash: cdeed90e400f99c9328ec8b59033d7a90e074e0a5ab5361bfbc3574a04fde8a1
                                                                                                                                                                    • Instruction Fuzzy Hash: D4219772A00605EBDB10DF69EC42BDA7764FB00765F20411BF421EB6D0D77CAAC28A9C
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 30%
                                                                                                                                                                    			E00413D6F(intOrPtr _a4) {
                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                    				char _v20;
                                                                                                                                                                    				intOrPtr _v32;
                                                                                                                                                                    				char _v36;
                                                                                                                                                                    				intOrPtr _v40;
                                                                                                                                                                    				char _v44;
                                                                                                                                                                    				char _t19;
                                                                                                                                                                    				intOrPtr _t20;
                                                                                                                                                                    				intOrPtr _t24;
                                                                                                                                                                    				intOrPtr _t27;
                                                                                                                                                                    				intOrPtr _t40;
                                                                                                                                                                    				char _t42;
                                                                                                                                                                    				intOrPtr _t49;
                                                                                                                                                                    
                                                                                                                                                                    				_push(0xffffffff);
                                                                                                                                                                    				_push(0x41b9a8);
                                                                                                                                                                    				_push(E004147FC);
                                                                                                                                                                    				_t19 =  *[fs:0x0];
                                                                                                                                                                    				_push(_t19);
                                                                                                                                                                    				 *[fs:0x0] = _t42;
                                                                                                                                                                    				_t40 = _a4;
                                                                                                                                                                    				if(_t40 != 0) {
                                                                                                                                                                    					_t20 =  *0x425a58; // 0x1
                                                                                                                                                                    					if(_t20 != 3) {
                                                                                                                                                                    						if(_t20 != 2) {
                                                                                                                                                                    							_push(_t40);
                                                                                                                                                                    							goto L12;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							E004154DA(9);
                                                                                                                                                                    							_v8 = 1;
                                                                                                                                                                    							_t24 = E004165C8(_t40,  &_v44,  &_v36);
                                                                                                                                                                    							_v40 = _t24;
                                                                                                                                                                    							if(_t24 != 0) {
                                                                                                                                                                    								E0041661F(_v44, _v36, _t24);
                                                                                                                                                                    							}
                                                                                                                                                                    							_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    							_t19 = E00413E31();
                                                                                                                                                                    							goto L9;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						E004154DA(9);
                                                                                                                                                                    						_v8 = _v8 & 0x00000000;
                                                                                                                                                                    						_t27 = E0041586D(_t40);
                                                                                                                                                                    						_v32 = _t27;
                                                                                                                                                                    						if(_t27 != 0) {
                                                                                                                                                                    							_push(_t40);
                                                                                                                                                                    							_push(_t27);
                                                                                                                                                                    							E00415898();
                                                                                                                                                                    						}
                                                                                                                                                                    						_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    						_t19 = E00413DD9();
                                                                                                                                                                    						_t49 = _v32;
                                                                                                                                                                    						L9:
                                                                                                                                                                    						if(_t49 == 0) {
                                                                                                                                                                    							_push(_a4);
                                                                                                                                                                    							L12:
                                                                                                                                                                    							_push(0);
                                                                                                                                                                    							_t19 = RtlFreeHeap( *0x425a54); // executed
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] = _v20;
                                                                                                                                                                    				return _t19;
                                                                                                                                                                    			}

















                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074), ref: 00413E43
                                                                                                                                                                      • Part of subcall function 004154DA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415517
                                                                                                                                                                      • Part of subcall function 004154DA: EnterCriticalSection.KERNEL32(?,?,?,00416D82,00000009,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00415532
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 641406236-0
                                                                                                                                                                    • Opcode ID: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
                                                                                                                                                                    • Instruction ID: 5a14261a50f2f4ae8fe925cd7ff68077a924e970bbdc1eb83d0c2eed9fb11c58
                                                                                                                                                                    • Opcode Fuzzy Hash: 841176424f551508ca039d1f5d574a0052902f767b8dc575c65ddda1a9f22b4e
                                                                                                                                                                    • Instruction Fuzzy Hash: 2421C272901705FADB10AF96DC02BDE7BB8EB04725F24012BF414B21C0D77C9AC08AA9
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                                    			E004052CF(char* __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    				intOrPtr* _t20;
                                                                                                                                                                    				signed char _t22;
                                                                                                                                                                    				void* _t28;
                                                                                                                                                                    				void* _t29;
                                                                                                                                                                    				char* _t46;
                                                                                                                                                                    				void* _t48;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041948C, _t48);
                                                                                                                                                                    				_t46 = __ecx;
                                                                                                                                                                    				_t17 = E0040536A(__ecx);
                                                                                                                                                                    				if(_t17 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)(_t48 - 0x18)) = 0;
                                                                                                                                                                    					 *((intOrPtr*)(_t48 - 0x14)) = 0;
                                                                                                                                                                    					 *((intOrPtr*)(_t48 - 0x10)) = 0;
                                                                                                                                                                    					E0040218D(_t48 - 0x18, 3);
                                                                                                                                                                    					 *((intOrPtr*)(_t48 - 4)) = 0;
                                                                                                                                                                    					if(E004050EE(_t48 - 0x18) != 0) {
                                                                                                                                                                    						_push( *((intOrPtr*)(_t48 + 8)));
                                                                                                                                                                    						_t20 = E0040485A(_t48 - 0x24, _t48 - 0x18);
                                                                                                                                                                    						 *((char*)(_t48 - 4)) = 1;
                                                                                                                                                                    						_t22 = E004051B7( *_t20, 1, _t46 + 4, 0); // executed
                                                                                                                                                                    						asm("sbb bl, bl");
                                                                                                                                                                    						_t28 =  ~_t22 + 1;
                                                                                                                                                                    						E00403A63( *((intOrPtr*)(_t48 - 0x24)));
                                                                                                                                                                    						if(_t28 != 0) {
                                                                                                                                                                    							goto L2;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							 *_t46 = 1;
                                                                                                                                                                    							_t29 = _t28 + 1;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						L2:
                                                                                                                                                                    						_t29 = 0;
                                                                                                                                                                    					}
                                                                                                                                                                    					E00403A63( *((intOrPtr*)(_t48 - 0x18)));
                                                                                                                                                                    					_t17 = _t29;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
                                                                                                                                                                    				return _t17;
                                                                                                                                                                    			}











                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004052D4
                                                                                                                                                                      • Part of subcall function 004050EE: __EH_prolog.LIBCMT ref: 004050F3
                                                                                                                                                                      • Part of subcall function 004050EE: GetTempPathA.KERNEL32(00000105,?,00000000,?,00000000), ref: 00405127
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog$PathTemp
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3652545363-0
                                                                                                                                                                    • Opcode ID: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
                                                                                                                                                                    • Instruction ID: 884fa5787797a708672a5e156f09df22a5f972d3b51e26f7068c24b8b673b68a
                                                                                                                                                                    • Opcode Fuzzy Hash: 1ef5fa40e20091595c8a07c7add8e04f0ea87ba7b14c6b9ab7bd2a47fc7370d7
                                                                                                                                                                    • Instruction Fuzzy Hash: 5211A3759401059ACF00EFA5C552AEFBBB8EF95348F14402FE841732D1C7B90A49DE54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                                    			E0040948B(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                    				intOrPtr _t16;
                                                                                                                                                                    				long _t19;
                                                                                                                                                                    				void* _t22;
                                                                                                                                                                    				intOrPtr _t23;
                                                                                                                                                                    				void* _t25;
                                                                                                                                                                    				intOrPtr _t28;
                                                                                                                                                                    				void* _t29;
                                                                                                                                                                    				intOrPtr _t30;
                                                                                                                                                                    				void* _t32;
                                                                                                                                                                    				intOrPtr _t33;
                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                    				void* _t35;
                                                                                                                                                                    				void* _t37;
                                                                                                                                                                    				void* _t39;
                                                                                                                                                                    
                                                                                                                                                                    				_t33 = _a8;
                                                                                                                                                                    				_t32 = __ecx;
                                                                                                                                                                    				_t30 =  *((intOrPtr*)(__ecx + 0x2c));
                                                                                                                                                                    				_t16 =  *((intOrPtr*)(__ecx + 0x28));
                                                                                                                                                                    				_t35 = _t33 - _t30;
                                                                                                                                                                    				if(_t35 > 0 || _t35 >= 0 && _a4 >= _t16) {
                                                                                                                                                                    					L9:
                                                                                                                                                                    					_t23 = _a4;
                                                                                                                                                                    					_t34 = _a8;
                                                                                                                                                                    					_t19 = SendMessageA( *(_t32 + 0x30), 0x402, E00414340(_t23,  *((intOrPtr*)(_t32 + 0x18)), _t34), 0); // executed
                                                                                                                                                                    					 *((intOrPtr*)(_t32 + 0x20)) = _t23;
                                                                                                                                                                    					 *((intOrPtr*)(_t32 + 0x24)) = _t34;
                                                                                                                                                                    					return _t19;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t28 =  *((intOrPtr*)(_t32 + 0x20));
                                                                                                                                                                    				_t37 = _t33 -  *((intOrPtr*)(_t32 + 0x24));
                                                                                                                                                                    				if(_t37 < 0 || _t37 <= 0 && _a4 <= _t28) {
                                                                                                                                                                    					goto L9;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t25 = _a4 - _t28;
                                                                                                                                                                    				_t29 = 0xa;
                                                                                                                                                                    				asm("sbb esi, eax");
                                                                                                                                                                    				_t22 = E00414340( *((intOrPtr*)(_t32 + 0x28)), _t29, _t30);
                                                                                                                                                                    				_t39 = _t33 - _t30;
                                                                                                                                                                    				if(_t39 >= 0 && (_t39 > 0 || _t25 >= _t22)) {
                                                                                                                                                                    					goto L9;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t22;
                                                                                                                                                                    			}

















                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00409501

                                                                                                                                                                    APIs
                                                                                                                                                                    • SendMessageA.USER32(?,00000402,00000000,00000000), ref: 004094F1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                    • Opcode ID: c882695706ad5fcb5fe52963bd5f9c0226dc079efd4c61257d75d8f15ce9ae72
                                                                                                                                                                    • Instruction ID: 229f6cef9eb66390c3a55804c9d5625cc56256ae01cd5e0c7b7e4f7e7b7520eb
                                                                                                                                                                    • Opcode Fuzzy Hash: c882695706ad5fcb5fe52963bd5f9c0226dc079efd4c61257d75d8f15ce9ae72
                                                                                                                                                                    • Instruction Fuzzy Hash: 8301C436704216BBCB14DE69D480989F3A5FB48760B048237E908A7BD2D734FC518BDC
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                    			E00409DFC(signed int __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t30;
                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                    				intOrPtr* _t45;
                                                                                                                                                                    				signed int _t48;
                                                                                                                                                                    				void* _t51;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419C51, _t51);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_t48 = __ecx;
                                                                                                                                                                    				 *((intOrPtr*)(_t51 - 0x10)) = __ecx;
                                                                                                                                                                    				 *((intOrPtr*)(__ecx)) = 0x41b6b4;
                                                                                                                                                                    				 *(_t51 - 4) = 5;
                                                                                                                                                                    				E00407782(__ecx);
                                                                                                                                                                    				 *(_t51 - 4) = 4;
                                                                                                                                                                    				E00404320(_t48 + 0xb4);
                                                                                                                                                                    				 *(_t51 - 4) = 3;
                                                                                                                                                                    				E00404320(_t48 + 0xa0);
                                                                                                                                                                    				_t44 = _t48 + 0x8c;
                                                                                                                                                                    				 *((intOrPtr*)(_t51 - 0x14)) = _t44;
                                                                                                                                                                    				 *_t44 = 0x41b6c8;
                                                                                                                                                                    				 *(_t51 - 4) = 6;
                                                                                                                                                                    				E00404349();
                                                                                                                                                                    				 *(_t51 - 4) = 2;
                                                                                                                                                                    				E00404320(_t44);
                                                                                                                                                                    				_t45 = _t48 + 0x78;
                                                                                                                                                                    				 *((intOrPtr*)(_t51 - 0x14)) = _t45;
                                                                                                                                                                    				 *_t45 = 0x41b6d0;
                                                                                                                                                                    				 *(_t51 - 4) = 7;
                                                                                                                                                                    				E00404349();
                                                                                                                                                                    				 *(_t51 - 4) = 1;
                                                                                                                                                                    				E00404320(_t45);
                                                                                                                                                                    				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
                                                                                                                                                                    				E004099F1(_t48);
                                                                                                                                                                    				 *(_t51 - 4) =  *(_t51 - 4) | 0xffffffff;
                                                                                                                                                                    				asm("sbb ecx, ecx");
                                                                                                                                                                    				_t30 = E00409A39( ~_t48 & _t48 + 0x00000014,  ~_t48 & _t48 + 0x00000014); // executed
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
                                                                                                                                                                    				return _t30;
                                                                                                                                                                    			}









                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00409E01
                                                                                                                                                                      • Part of subcall function 004099F1: __EH_prolog.LIBCMT ref: 004099F6
                                                                                                                                                                      • Part of subcall function 00409A39: __EH_prolog.LIBCMT ref: 00409A3E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
                                                                                                                                                                    • Instruction ID: 728224cdcdeea9a50de84ff331f734dd83e0a6071a74e90d77f9a4778d081c57
                                                                                                                                                                    • Opcode Fuzzy Hash: e2be988a2ed4eac1d18d94ffb3dcbee280352d40f72ce7d9b7b55f505c73744e
                                                                                                                                                                    • Instruction Fuzzy Hash: 931182B0A01254DADB09EBAAC1153DDFBF59FA1318F54415F9552732C2CBF82B0487A6
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                                    			E00409070(void* __ecx, void* __eflags) {
                                                                                                                                                                    				intOrPtr* _t21;
                                                                                                                                                                    				signed char _t22;
                                                                                                                                                                    				void* _t24;
                                                                                                                                                                    				void* _t45;
                                                                                                                                                                    				void* _t47;
                                                                                                                                                                    				void* _t52;
                                                                                                                                                                    
                                                                                                                                                                    				_t52 = __eflags;
                                                                                                                                                                    				E00413724(E004199A8, _t47);
                                                                                                                                                                    				_t45 = __ecx;
                                                                                                                                                                    				E00401DAF(__ecx + 0x10,  *((intOrPtr*)(_t47 + 8)));
                                                                                                                                                                    				_push( *((intOrPtr*)(_t47 + 0xc)));
                                                                                                                                                                    				_t21 = E00402635(_t47 - 0x18, __ecx + 0x10);
                                                                                                                                                                    				 *(_t47 - 4) = 0;
                                                                                                                                                                    				_t22 = E00405620(__ecx + 0x20, _t52,  *_t21); // executed
                                                                                                                                                                    				asm("sbb bl, bl");
                                                                                                                                                                    				 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
                                                                                                                                                                    				E00403A63( *((intOrPtr*)(_t47 - 0x18)));
                                                                                                                                                                    				if( ~_t22 + 1 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)(_t47 + 8)) = 1;
                                                                                                                                                                    					E00413B0D(_t47 + 8, 0x41c4c8);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t24 = E00404349();
                                                                                                                                                                    				 *(_t45 + 0x58) =  *(_t45 + 0x58) & 0x00000000;
                                                                                                                                                                    				 *((intOrPtr*)(_t45 + 0x88)) = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t45 + 0x8c)) = 0;
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
                                                                                                                                                                    				return _t24;
                                                                                                                                                                    			}










                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00409075
                                                                                                                                                                      • Part of subcall function 00402635: __EH_prolog.LIBCMT ref: 0040263A
                                                                                                                                                                      • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                      • Part of subcall function 00413B0D: RaiseException.KERNEL32(00000003,00000000,00000003,?,00000003,?,00000003,00000000,00000000,00401055,00000003,?,00000000), ref: 00413B3B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog$ExceptionRaise
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2062786585-0
                                                                                                                                                                    • Opcode ID: ea86ed0e652585005991638c1457c0c7c3a7cc5aae0f600e2a7d0650e0336acf
                                                                                                                                                                    • Instruction ID: c87fc69b1ce411278b5c4cd36917e57d7785db396d8ca4da128de4c157d2198f
                                                                                                                                                                    • Opcode Fuzzy Hash: ea86ed0e652585005991638c1457c0c7c3a7cc5aae0f600e2a7d0650e0336acf
                                                                                                                                                                    • Instruction Fuzzy Hash: 1601D2B5A402049ECB10EF26C451ADEBBB1FF84314F10852FE896A32E1CB796649CB54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004027A7(void* __ecx) {
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    				signed int _t31;
                                                                                                                                                                    				intOrPtr _t34;
                                                                                                                                                                    				void* _t36;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00418F6C, _t36);
                                                                                                                                                                    				E00401D16(_t36 - 0x18, __ecx + 0x10);
                                                                                                                                                                    				_t34 =  *((intOrPtr*)(_t36 + 8));
                                                                                                                                                                    				_t31 = 0;
                                                                                                                                                                    				 *((intOrPtr*)(_t36 - 4)) = 0;
                                                                                                                                                                    				if( *((intOrPtr*)(_t34 + 8)) > 0) {
                                                                                                                                                                    					do {
                                                                                                                                                                    						E00401E18(_t36 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t34 + 0xc)) + _t31 * 4)));
                                                                                                                                                                    						E004049F4( *((intOrPtr*)(_t36 - 0x18))); // executed
                                                                                                                                                                    						E00401DED(_t36 - 0x18, 0x5c);
                                                                                                                                                                    						_t31 = _t31 + 1;
                                                                                                                                                                    					} while (_t31 <  *((intOrPtr*)(_t34 + 8)));
                                                                                                                                                                    				}
                                                                                                                                                                    				_t17 = E00403A63( *((intOrPtr*)(_t36 - 0x18)));
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
                                                                                                                                                                    				return _t17;
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004027AC
                                                                                                                                                                      • Part of subcall function 004049F4: CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,?,00000000,?,?,00405334,?,00000000,?,00000003), ref: 00404A13
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateDirectoryH_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3554458247-0
                                                                                                                                                                    • Opcode ID: c3f9e87122b5f66eda9ea07844d50c49cbaa55343be1246a3749dcb7463488c0
                                                                                                                                                                    • Instruction ID: aa96bd448e9fa33173a2259148c0e22656dcd3e9b7c7d25cba760d9f6e75f00f
                                                                                                                                                                    • Opcode Fuzzy Hash: c3f9e87122b5f66eda9ea07844d50c49cbaa55343be1246a3749dcb7463488c0
                                                                                                                                                                    • Instruction Fuzzy Hash: 55F03C729005069BCB05EB5AC8429EEBBB5EF94308F10403FE152775E2DA786986DB94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                                                    			E00406297(intOrPtr __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    				signed int _t18;
                                                                                                                                                                    				void* _t28;
                                                                                                                                                                    				void* _t30;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E004195AC, _t30);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				 *(_t30 - 0x10) =  *(_t30 - 0x10) & 0x00000000;
                                                                                                                                                                    				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                                                                                                                                                    				_t17 = E004061BF(_t30 - 0x10, __ecx,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), __edx,  *((intOrPtr*)(_t30 + 0x10)), 1); // executed
                                                                                                                                                                    				 *(_t30 - 4) =  *(_t30 - 4) | 0xffffffff;
                                                                                                                                                                    				_t28 = _t17;
                                                                                                                                                                    				_t18 =  *(_t30 - 0x10);
                                                                                                                                                                    				if(_t18 != 0) {
                                                                                                                                                                    					 *((intOrPtr*)( *_t18 + 8))(_t18);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
                                                                                                                                                                    				return _t28;
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040629C
                                                                                                                                                                      • Part of subcall function 004061BF: __EH_prolog.LIBCMT ref: 004061C4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
                                                                                                                                                                    • Instruction ID: d002f29cd99a7d9c36b9a014c837f136803fcb54798139eb5382dd41199f51d8
                                                                                                                                                                    • Opcode Fuzzy Hash: 6c2e6a82ad44a3596cf000a5615c5b739901b0aaac1cec813de11ba17f646bcd
                                                                                                                                                                    • Instruction Fuzzy Hash: 2BF03A72A00218EFDB15DF94CC01BEEB779FB48315F10816AB422E72D0C7798A10CB14
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                                    			E0040C96C(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t23;
                                                                                                                                                                    				void* _t35;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A194, _t35);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				 *((intOrPtr*)(_t35 - 0x10)) = __ecx;
                                                                                                                                                                    				 *(_t35 - 4) = 4;
                                                                                                                                                                    				E00404320(__ecx + 0x1ac);
                                                                                                                                                                    				 *(_t35 - 4) = 3;
                                                                                                                                                                    				E00404320(__ecx + 0x198);
                                                                                                                                                                    				 *(_t35 - 4) = 2;
                                                                                                                                                                    				E00404320(__ecx + 0x184);
                                                                                                                                                                    				 *(_t35 - 4) = 1;
                                                                                                                                                                    				E00404320(__ecx + 0x170);
                                                                                                                                                                    				 *(_t35 - 4) =  *(_t35 - 4) & 0x00000000;
                                                                                                                                                                    				E00404320(__ecx + 0x158);
                                                                                                                                                                    				_t13 = _t35 - 4;
                                                                                                                                                                    				 *(_t35 - 4) =  *(_t35 - 4) | 0xffffffff;
                                                                                                                                                                    				_t23 = E0040C9E3(__ecx,  *_t13); // executed
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t35 - 0xc));
                                                                                                                                                                    				return _t23;
                                                                                                                                                                    			}






                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040C971
                                                                                                                                                                      • Part of subcall function 0040C9E3: __EH_prolog.LIBCMT ref: 0040C9E8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
                                                                                                                                                                    • Instruction ID: 180fbe891bab88941c19a906eef3a01802dada044b7360aafa1ebd8752043cfb
                                                                                                                                                                    • Opcode Fuzzy Hash: 97d13476a1578dbbb8b7321e23e8bd518515a52fd3c7649a69e8943f484a5e8b
                                                                                                                                                                    • Instruction Fuzzy Hash: 66F0FCB0911640DEC719EB74D1153DDFBB4AF55308F50419E9956736C2CFB81708C765
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004032D8(intOrPtr* __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t14;
                                                                                                                                                                    				void* _t26;
                                                                                                                                                                    				void* _t28;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419094, _t26);
                                                                                                                                                                    				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                                                                                                                                    				 *((intOrPtr*)(_t26 - 0x10)) = _t28 - 0xc;
                                                                                                                                                                    				 *((intOrPtr*)(_t26 - 0x14)) = __ecx;
                                                                                                                                                                    				 *((intOrPtr*)(_t26 - 0x18)) =  *((intOrPtr*)(__ecx + 0x1c)) + 0x68;
                                                                                                                                                                    				 *(_t26 - 4) = 1;
                                                                                                                                                                    				E004030FC(__ecx, __eflags); // executed
                                                                                                                                                                    				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                                                                                                                                    				_t14 = E0040332E( *((intOrPtr*)(__ecx + 0x1c)) + 0x68);
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t26 - 0xc));
                                                                                                                                                                    				return _t14;
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004032DD
                                                                                                                                                                      • Part of subcall function 004030FC: __EH_prolog.LIBCMT ref: 00403101
                                                                                                                                                                      • Part of subcall function 0040332E: PostMessageA.USER32 ref: 0040334A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog$MessagePost
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2996832579-0
                                                                                                                                                                    • Opcode ID: 3650cc55dc1ad6ba521ee8dc18195950731ccd20262df1a5d63dd7a0c930c4a4
                                                                                                                                                                    • Instruction ID: a40ef3626910b984a648cc3a9596ba3bf3b325a715b65d30debaaa5356a6cd82
                                                                                                                                                                    • Opcode Fuzzy Hash: 3650cc55dc1ad6ba521ee8dc18195950731ccd20262df1a5d63dd7a0c930c4a4
                                                                                                                                                                    • Instruction Fuzzy Hash: 40E06DB2D15268EBDB00EF9895123DDBBB8AF48B09F2080AFE10073281C7B95B0487D5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00405800(void* __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t10;
                                                                                                                                                                    				void* _t24;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E00419510, _t24);
                                                                                                                                                                    				E00404D82(_t24 - 0x44);
                                                                                                                                                                    				_t2 = _t24 - 4;
                                                                                                                                                                    				 *(_t24 - 4) =  *(_t24 - 4) & 0x00000000;
                                                                                                                                                                    				_t10 = E00405620(_t24 - 0x44,  *_t2, __ecx); // executed
                                                                                                                                                                    				E00403A63( *((intOrPtr*)(_t24 - 0x1c)));
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t24 - 0xc));
                                                                                                                                                                    				return _t10;
                                                                                                                                                                    			}






                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 00405805
                                                                                                                                                                      • Part of subcall function 00405620: __EH_prolog.LIBCMT ref: 00405625
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 4116503fbfa2e423a67f235befd0bbd623114a4f8063e266388989b9e1cc25aa
                                                                                                                                                                    • Instruction ID: a0f610f1b5e032532ed1cec3649959bf66a41b4e8af70f58d5593db508bcf515
                                                                                                                                                                    • Opcode Fuzzy Hash: 4116503fbfa2e423a67f235befd0bbd623114a4f8063e266388989b9e1cc25aa
                                                                                                                                                                    • Instruction Fuzzy Hash: 46E04FB3D410049ACB05EB65E9527EDB378EF61319F50407FE412735D18B381F09CA58
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                                    			E00405B29(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
                                                                                                                                                                    				long _v8;
                                                                                                                                                                    				long _t12;
                                                                                                                                                                    				signed int _t14;
                                                                                                                                                                    				void** _t16;
                                                                                                                                                                    
                                                                                                                                                                    				_t16 = __ecx;
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_t12 =  *0x42047c; // 0x400000
                                                                                                                                                                    				if(_a8 > _t12) {
                                                                                                                                                                    					_a8 = _t12;
                                                                                                                                                                    				}
                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                    				_t14 = WriteFile( *_t16, _a4, _a8,  &_v8, 0); // executed
                                                                                                                                                                    				 *_a12 = _v8;
                                                                                                                                                                    				return _t14 & 0xffffff00 | _t14 != 0x00000000;
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00405B4C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                    • Opcode ID: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
                                                                                                                                                                    • Instruction ID: fda623b9c22c7fd134ddab0a411968f0e63156441233f4ee367e8c40c556ab77
                                                                                                                                                                    • Opcode Fuzzy Hash: f685ec6030a7cae57bc9182c2f64f11e19c4f82e6ad9756b6e5eb0af141a467c
                                                                                                                                                                    • Instruction Fuzzy Hash: 17E0E575640208FBCB11CFA5C801B8E7BF9EB08354F20C169F914AA260D739EA11DF54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0040961F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                    				void* _t11;
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    
                                                                                                                                                                    				_t17 = __ecx;
                                                                                                                                                                    				if(_a4 != 0x401) {
                                                                                                                                                                    					L3:
                                                                                                                                                                    					_t11 = E00405F95(_t17, _a4, _a8, _a12); // executed
                                                                                                                                                                    					return _t11;
                                                                                                                                                                    				}
                                                                                                                                                                    				KillTimer( *(__ecx + 4),  *(__ecx + 8));
                                                                                                                                                                    				 *(_t17 + 8) =  *(_t17 + 8) & 0x00000000;
                                                                                                                                                                    				if( *((char*)(_t17 + 0x3a)) == 0) {
                                                                                                                                                                    					return E0040972B(_t17);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *((char*)(_t17 + 0x3b)) = 1;
                                                                                                                                                                    				goto L3;
                                                                                                                                                                    			}





                                                                                                                                                                    APIs
                                                                                                                                                                    • KillTimer.USER32(00000401,?), ref: 00409632
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: KillTimer
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 729406807-0
                                                                                                                                                                    • Opcode ID: 40201b7b4985cfdd937b7cd282af48662d3b5b6e46c240f8ac00453c1f7acc57
                                                                                                                                                                    • Instruction ID: ba2b0ad69a6321ddfc897951db7ccca68686c3ed7f71d35ff0dd08949a20df76
                                                                                                                                                                    • Opcode Fuzzy Hash: 40201b7b4985cfdd937b7cd282af48662d3b5b6e46c240f8ac00453c1f7acc57
                                                                                                                                                                    • Instruction Fuzzy Hash: 88E09231118B51EBCB269F11C954B5BBBE2BF40708F048C2EF096215E1C77A9C55DB4A
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                                    			E0040C931(intOrPtr __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t12;
                                                                                                                                                                    				intOrPtr* _t19;
                                                                                                                                                                    				void* _t21;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A147, _t21);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				 *((intOrPtr*)(_t21 - 0x10)) = __ecx;
                                                                                                                                                                    				 *(_t21 - 4) =  *(_t21 - 4) & 0x00000000;
                                                                                                                                                                    				_t12 = E0040C96C(__ecx + 0x10, __eflags); // executed
                                                                                                                                                                    				_t19 =  *((intOrPtr*)(__ecx + 8));
                                                                                                                                                                    				 *(_t21 - 4) =  *(_t21 - 4) | 0xffffffff;
                                                                                                                                                                    				if(_t19 != 0) {
                                                                                                                                                                    					_t12 =  *((intOrPtr*)( *_t19 + 8))(_t19);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t21 - 0xc));
                                                                                                                                                                    				return _t12;
                                                                                                                                                                    			}






                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040C936
                                                                                                                                                                      • Part of subcall function 0040C96C: __EH_prolog.LIBCMT ref: 0040C971
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
                                                                                                                                                                    • Instruction ID: 8adf79bcf0a25fb823e60414124b99f072840e3085735b9c49c9779a3d641231
                                                                                                                                                                    • Opcode Fuzzy Hash: 2f93a48584fc243b76bceec8380402125645ced17a7c1bf7a60211c0ce45116c
                                                                                                                                                                    • Instruction Fuzzy Hash: 6EE01A71811620EBC724EF58C4456DEB7B4EF08725F00875EA4E6B36D1C7B8AE40CB94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                                    			E004147B4() {
                                                                                                                                                                    				intOrPtr* _t5;
                                                                                                                                                                    				void* _t14;
                                                                                                                                                                    				intOrPtr _t15;
                                                                                                                                                                    
                                                                                                                                                                    				_t15 =  *((intOrPtr*)(_t14 - 0x18));
                                                                                                                                                                    				E00416A77( *((intOrPtr*)(_t14 - 0x20)));
                                                                                                                                                                    				_t5 =  *0x425a64; // 0x0
                                                                                                                                                                    				if(_t5 != 0) {
                                                                                                                                                                    					 *_t5();
                                                                                                                                                                    				}
                                                                                                                                                                    				_t13 = E004152F3();
                                                                                                                                                                    				if(_t6 == 0) {
                                                                                                                                                                    					E004149DC(0x10);
                                                                                                                                                                    				}
                                                                                                                                                                    				E0041535A(_t13);
                                                                                                                                                                    				ExitThread( *(_t15 + 8));
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExitThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2158977761-0
                                                                                                                                                                    • Opcode ID: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
                                                                                                                                                                    • Instruction ID: 835638d51d7e690d80ddf8f11569568d1c7a5f433119f1d0283a2071334468ba
                                                                                                                                                                    • Opcode Fuzzy Hash: 6c939c18724e7789034020813005a1b29b75e21fb5f5d6c1b381c2503cc8d902
                                                                                                                                                                    • Instruction Fuzzy Hash: CDE08C32900925AADB223BA1DC06AEE3620AF81394F00002BF8146A5A0DBA88CD186D9
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                                    			E0040F6E0(intOrPtr* __ecx, void* __eflags) {
                                                                                                                                                                    				void* _t8;
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    				intOrPtr _t19;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A5F0, _t17);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				 *(_t17 - 4) =  *(_t17 - 4) & 0x00000000;
                                                                                                                                                                    				 *((intOrPtr*)(_t17 - 0x10)) = _t19;
                                                                                                                                                                    				_t8 = E0040F449(__ecx, __eflags,  *((intOrPtr*)(_t17 + 8))); // executed
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t17 - 0xc));
                                                                                                                                                                    				return _t8;
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 0040F6E5
                                                                                                                                                                      • Part of subcall function 0040F449: __EH_prolog.LIBCMT ref: 0040F44E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
                                                                                                                                                                    • Instruction ID: 32d4a89d334c2aba7f1f5d27adfa0c04a02a885b7174eb98eed18e47b0b867f7
                                                                                                                                                                    • Opcode Fuzzy Hash: 0c00a6b9b995e6d122d0d1e5645fdc19a4d57d2469026a55dc4bfd6035115874
                                                                                                                                                                    • Instruction Fuzzy Hash: 1DD012B2515104FBD7109F45D842BDEBBB8EB51369F10813BF00171540D37D5644966A
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                    			E00405A1D(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
                                                                                                                                                                    				long _v8;
                                                                                                                                                                    				signed int _t11;
                                                                                                                                                                    
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                                                    				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
                                                                                                                                                                    				 *_a12 = _v8;
                                                                                                                                                                    				return _t11 & 0xffffff00 | _t11 != 0x00000000;
                                                                                                                                                                    			}






                                                                                                                                                                    APIs
                                                                                                                                                                    • ReadFile.KERNELBASE(000000FF,00000000,?,?,00000000,000000FF,?,00405A68,00000000,?,00000000,?,00405A8E,00000000,?,00000000), ref: 00405A33
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                    • Opcode ID: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
                                                                                                                                                                    • Instruction ID: 33e006b7c7266c94de2827aaddd493f3c8d551b448fa911b85e4ce9a1db514e9
                                                                                                                                                                    • Opcode Fuzzy Hash: 7899785fd51540d5028ce756fcdedcbfaef9db2fe3ec3db1f53401f618f66a8a
                                                                                                                                                                    • Instruction Fuzzy Hash: A4E0EC75200208FBCB01CF91CC05FCE7BB9FB49754F208058E90596160C375AA14EB54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0040332E(void* __ecx) {
                                                                                                                                                                    				int _t7;
                                                                                                                                                                    
                                                                                                                                                                    				E00412FE0( *((intOrPtr*)(__ecx + 0x3c)));
                                                                                                                                                                    				if( *((intOrPtr*)(__ecx + 0x38)) == 0) {
                                                                                                                                                                    					 *((char*)(__ecx + 0x39)) = 1;
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t7 = PostMessageA( *(__ecx + 4), 0x401, 0, 0); // executed
                                                                                                                                                                    					return _t7;
                                                                                                                                                                    				}
                                                                                                                                                                    			}





                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00412FE0: WaitForSingleObject.KERNEL32(?,000000FF,004030BD,000001F4,00000000,?,?,00000000,00000003,00000000,00000000), ref: 00412FE3
                                                                                                                                                                    • PostMessageA.USER32 ref: 0040334A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: MessageObjectPostSingleWait
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1869837590-0
                                                                                                                                                                    • Opcode ID: ca09a283920ad948c83e0c61438e8ab655a43c2418f09e20757d7285c5fc584f
                                                                                                                                                                    • Instruction ID: 8c16cd5f53dcfbfe0772259f9ca2089d8bf1c67227ca8e6a2a5146bbfc9e19bd
                                                                                                                                                                    • Opcode Fuzzy Hash: ca09a283920ad948c83e0c61438e8ab655a43c2418f09e20757d7285c5fc584f
                                                                                                                                                                    • Instruction Fuzzy Hash: 4DD0A5711146505DD7A16734BE859D77BD9AF04310B45486FB543D2D51C6E17C818354
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004037D4(struct HWND__** __ecx) {
                                                                                                                                                                    				struct HWND__* _t3;
                                                                                                                                                                    				signed int _t4;
                                                                                                                                                                    				signed int _t5;
                                                                                                                                                                    				signed int* _t8;
                                                                                                                                                                    
                                                                                                                                                                    				_t8 = __ecx;
                                                                                                                                                                    				_t3 =  *__ecx;
                                                                                                                                                                    				if(_t3 != 0) {
                                                                                                                                                                    					_t4 = DestroyWindow(_t3); // executed
                                                                                                                                                                    					_t5 = _t4 & 0xffffff00 | _t4 != 0x00000000;
                                                                                                                                                                    					if(_t5 != 0) {
                                                                                                                                                                    						 *_t8 =  *_t8 & 0x00000000;
                                                                                                                                                                    						return _t5;
                                                                                                                                                                    					}
                                                                                                                                                                    					return _t5;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				}
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • DestroyWindow.USER32(00000000,?,0040376D,?,?,0040372C), ref: 004037E2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DestroyWindow
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3375834691-0
                                                                                                                                                                    • Opcode ID: 094c4a791e3c3d22533db27253446813ca192b4e7b5bfce19e3e4437180486eb
                                                                                                                                                                    • Instruction ID: d140feb34bccb75b866a8de7f18bdf1164124bf249eb5d23b94e64d2c86658a1
                                                                                                                                                                    • Opcode Fuzzy Hash: 094c4a791e3c3d22533db27253446813ca192b4e7b5bfce19e3e4437180486eb
                                                                                                                                                                    • Instruction Fuzzy Hash: ACD022B11002114BDB300E2DB8043C373CC6F00322B12C46AFC80DB380D738CCC29688
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                                    			E004147BF(long _a4) {
                                                                                                                                                                    				intOrPtr* _t2;
                                                                                                                                                                    
                                                                                                                                                                    				_t2 =  *0x425a64; // 0x0
                                                                                                                                                                    				if(_t2 != 0) {
                                                                                                                                                                    					 *_t2();
                                                                                                                                                                    				}
                                                                                                                                                                    				_t10 = E004152F3();
                                                                                                                                                                    				if(_t3 == 0) {
                                                                                                                                                                    					E004149DC(0x10);
                                                                                                                                                                    				}
                                                                                                                                                                    				E0041535A(_t10);
                                                                                                                                                                    				ExitThread(_a4);
                                                                                                                                                                    			}





                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExitThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2158977761-0
                                                                                                                                                                    • Opcode ID: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
                                                                                                                                                                    • Instruction ID: b4e95b568d212fcbc8e7df7edbfd3446e029e3f46d4ca6baaecf21535c38ed65
                                                                                                                                                                    • Opcode Fuzzy Hash: 24773d02a99502e401f88b35345ffc50176b794b148236fecf9e645f2ac90187
                                                                                                                                                                    • Instruction Fuzzy Hash: 2AD0A732600E25AAD6223771DC467EF2244AF81795B04012BF818895A0DFA8CDC145DD
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00405414(void** __ecx) {
                                                                                                                                                                    				void* _t1;
                                                                                                                                                                    				int _t3;
                                                                                                                                                                    				signed int* _t6;
                                                                                                                                                                    
                                                                                                                                                                    				_t6 = __ecx;
                                                                                                                                                                    				_t1 =  *__ecx;
                                                                                                                                                                    				if(_t1 == 0xffffffff) {
                                                                                                                                                                    					L4:
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t3 = FindClose(_t1); // executed
                                                                                                                                                                    					if(_t3 != 0) {
                                                                                                                                                                    						 *_t6 =  *_t6 | 0xffffffff;
                                                                                                                                                                    						goto L4;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						return 0;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    • FindClose.KERNELBASE(?,000000FF,00405445,000000FF), ref: 0040541F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseFind
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1863332320-0
                                                                                                                                                                    • Opcode ID: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
                                                                                                                                                                    • Instruction ID: ad963fc5273d8b9d86916b47fb17bcd605870b12c06d71a74b716dd917e87850
                                                                                                                                                                    • Opcode Fuzzy Hash: f0ce2bef5821c107b9489e8e4dd061de71a9af92eaf728c2451e2811c290832d
                                                                                                                                                                    • Instruction Fuzzy Hash: D4D0123151453157CA641E7C7848AD333D99A1637537157AAF4B4D32E0D3749CC34A98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00405905(void** __ecx) {
                                                                                                                                                                    				void* _t1;
                                                                                                                                                                    				int _t3;
                                                                                                                                                                    				signed int* _t6;
                                                                                                                                                                    
                                                                                                                                                                    				_t6 = __ecx;
                                                                                                                                                                    				_t1 =  *__ecx;
                                                                                                                                                                    				if(_t1 == 0xffffffff) {
                                                                                                                                                                    					L4:
                                                                                                                                                                    					return 1;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t3 = FindCloseChangeNotification(_t1); // executed
                                                                                                                                                                    					if(_t3 != 0) {
                                                                                                                                                                    						 *_t6 =  *_t6 | 0xffffffff;
                                                                                                                                                                    						goto L4;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						return 0;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00000000,000000FF,004058A0,?,?,00000000), ref: 00405910
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2591292051-0
                                                                                                                                                                    • Opcode ID: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
                                                                                                                                                                    • Instruction ID: c924a9121967eb2c43d42ee71539138ee39fbcc7c8c6d5ba34c486a20a6e0004
                                                                                                                                                                    • Opcode Fuzzy Hash: 9cbe10086181c6cf337a739c26a2519d1510d6718cc7d35307e3d92904545fb4
                                                                                                                                                                    • Instruction Fuzzy Hash: 93D0127151456197CE742E7C78445C337D8DA463303311B6BF4B0D32E0D3748D835A98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                    			E00405AFC(void** __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
                                                                                                                                                                    				signed int _t4;
                                                                                                                                                                    
                                                                                                                                                                    				_t4 = SetFileTime( *__ecx, _a4, _a8, _a12); // executed
                                                                                                                                                                    				asm("sbb eax, eax");
                                                                                                                                                                    				return  ~( ~_t4);
                                                                                                                                                                    			}




                                                                                                                                                                    0x00405b0a
                                                                                                                                                                    0x00405b12
                                                                                                                                                                    0x00405b16

                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFileTime.KERNELBASE(?,?,?,?,00405B26,00000000,00000000,?,00402E13,?), ref: 00405B0A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileTime
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1425588814-0
                                                                                                                                                                    • Opcode ID: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
                                                                                                                                                                    • Instruction ID: 4beff7ba357006865f39a04876becaa9faf69e640e246345c6c1d8862761ec95
                                                                                                                                                                    • Opcode Fuzzy Hash: 2b6a10e293fa4a8bd52839064a41e39e160aca85d3804aec240939be71bd967c
                                                                                                                                                                    • Instruction Fuzzy Hash: 29C04C36159106FF8F120F70CC04D1ABFA2EF99311F10C958B165C5070C7328024EB52
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0040972B(void* __ecx) {
                                                                                                                                                                    
                                                                                                                                                                    				EndDialog( *(__ecx + 4), 0); // executed
                                                                                                                                                                    				return 1;
                                                                                                                                                                    			}



                                                                                                                                                                    0x00409730
                                                                                                                                                                    0x00409738

                                                                                                                                                                    APIs
                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 00409730
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Dialog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1120787796-0
                                                                                                                                                                    • Opcode ID: 1087bcccb476c66b47bcc031aad76a1899545b685ea55a95ad523b0557e913b4
                                                                                                                                                                    • Instruction ID: 02cfb945d2a0902c44d74e5b8f748d8f23abe5ba3218886e56c1416ce7b58693
                                                                                                                                                                    • Opcode Fuzzy Hash: 1087bcccb476c66b47bcc031aad76a1899545b685ea55a95ad523b0557e913b4
                                                                                                                                                                    • Instruction Fuzzy Hash: 62A0223C200200BBCA020F00EC2FB803F20FB08B82FE0C0E0E000082B0CB238003EE88
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00412FF0(intOrPtr* __ecx, intOrPtr __edx, char _a4) {
                                                                                                                                                                    				intOrPtr _t4;
                                                                                                                                                                    				long _t5;
                                                                                                                                                                    				intOrPtr* _t12;
                                                                                                                                                                    
                                                                                                                                                                    				_t12 = __ecx;
                                                                                                                                                                    				_t4 = E0041468E(0, 0, __edx, _a4, 0,  &_a4); // executed
                                                                                                                                                                    				 *_t12 = _t4;
                                                                                                                                                                    				if(_t4 == 0) {
                                                                                                                                                                    					_t5 = GetLastError();
                                                                                                                                                                    					if(_t5 == 0) {
                                                                                                                                                                    						return 1;
                                                                                                                                                                    					}
                                                                                                                                                                    					return _t5;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0041468E: CreateThread.KERNELBASE ref: 004146CF
                                                                                                                                                                      • Part of subcall function 0041468E: GetLastError.KERNEL32(?,?,?,00413009,00000000,00000000,004032CA,?,00000000,00000000,?,00402FAB,?,00000000,?), ref: 004146D9
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000003,00000000,00000000), ref: 00413018
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$CreateThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 665435222-0
                                                                                                                                                                    • Opcode ID: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
                                                                                                                                                                    • Instruction ID: 8241f09584fde1b7b47d6c8a5a56a0c389c2bf5d01a37efb599b640c9bda9e89
                                                                                                                                                                    • Opcode Fuzzy Hash: fdfffcc17890bcc66e85f81167f5a4f4e376ab203a2f001e3d39f9f51099ce04
                                                                                                                                                                    • Instruction Fuzzy Hash: 4EE086B22042126AE310DF509C05FE76ADCDB94B05F00443EB944C6184EB64CA40C3A9
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00410F40(long __ecx) {
                                                                                                                                                                    				void* _t1;
                                                                                                                                                                    
                                                                                                                                                                    				if(__ecx != 0) {
                                                                                                                                                                    					_t1 = VirtualAlloc(0, __ecx, 0x1000, 4); // executed
                                                                                                                                                                    					return _t1;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    			}





                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00020000,00001000,00000004,004103C8), ref: 00410F51
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                    • Opcode ID: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
                                                                                                                                                                    • Instruction ID: 07720a170ef6d50c918e2da5ca2fe5f7ddfb2e687cae5d42b3df39ad5892c3a5
                                                                                                                                                                    • Opcode Fuzzy Hash: 91e70fcb83806e64083a323eb2e3944731c0f93bc5a264736d7e7e867113384b
                                                                                                                                                                    • Instruction Fuzzy Hash: DDB012B039138075FF7843208C1FFE71200A340B87F0080A8BB05D81C4E7D064C0501C
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00410F60(void* __ecx) {
                                                                                                                                                                    				void* _t1;
                                                                                                                                                                    				int _t2;
                                                                                                                                                                    
                                                                                                                                                                    				if(__ecx != 0) {
                                                                                                                                                                    					_t2 = VirtualFree(__ecx, 0, 0x8000); // executed
                                                                                                                                                                    					return _t2;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t1;
                                                                                                                                                                    			}






                                                                                                                                                                    APIs
                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000,0040664A,?,00406624), ref: 00410F6C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                    • Opcode ID: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
                                                                                                                                                                    • Instruction ID: a132bef15ba7b425f1065e5a097c2bb543b957559febc4b94616fea76008790a
                                                                                                                                                                    • Opcode Fuzzy Hash: 1327e01bd96d07ee7a5a75ed87afd8ac78764046635013dfe708143c48cadece
                                                                                                                                                                    • Instruction Fuzzy Hash: 3BB0123424120031ED7807200C1AB5711005701701F10C1183102642C087D4B440450C
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                                    			E004180F0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                    				intOrPtr* _t4;
                                                                                                                                                                    				intOrPtr* _t7;
                                                                                                                                                                    				_Unknown_base(*)()* _t11;
                                                                                                                                                                    				void* _t14;
                                                                                                                                                                    				struct HINSTANCE__* _t15;
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    
                                                                                                                                                                    				_t14 = 0;
                                                                                                                                                                    				_t17 =  *0x423534 - _t14; // 0x0
                                                                                                                                                                    				if(_t17 != 0) {
                                                                                                                                                                    					L4:
                                                                                                                                                                    					_t4 =  *0x423538; // 0x0
                                                                                                                                                                    					if(_t4 != 0) {
                                                                                                                                                                    						_t14 =  *_t4();
                                                                                                                                                                    						if(_t14 != 0) {
                                                                                                                                                                    							_t7 =  *0x42353c; // 0x0
                                                                                                                                                                    							if(_t7 != 0) {
                                                                                                                                                                    								_t14 =  *_t7(_t14);
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					return  *0x423534(_t14, _a4, _a8, _a12);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t15 = LoadLibraryA("user32.dll");
                                                                                                                                                                    				if(_t15 == 0) {
                                                                                                                                                                    					L10:
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t11 = GetProcAddress(_t15, "MessageBoxA");
                                                                                                                                                                    				 *0x423534 = _t11;
                                                                                                                                                                    				if(_t11 == 0) {
                                                                                                                                                                    					goto L10;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					 *0x423538 = GetProcAddress(_t15, "GetActiveWindow");
                                                                                                                                                                    					 *0x42353c = GetProcAddress(_t15, "GetLastActivePopup");
                                                                                                                                                                    					goto L4;
                                                                                                                                                                    				}
                                                                                                                                                                    			}


                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0041772A,?,Microsoft Visual C++ Runtime Library,00012010,?,0041BD34,?,0041BD84,?,?,?,Runtime Error!Program: ), ref: 00418102
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0041811A
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0041812B
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00418138
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                    • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                                    • API String ID: 2238633743-4044615076
                                                                                                                                                                    • Opcode ID: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
                                                                                                                                                                    • Instruction ID: 415fa372477fd235fe75ca2ef0ffa9dc0df8c28a9075a0eab2fce08d3bc4b09a
                                                                                                                                                                    • Opcode Fuzzy Hash: 595171f737e70550edc5abd38f068ead7bf618b78638dd3ba3c6e0fb0d2712e4
                                                                                                                                                                    • Instruction Fuzzy Hash: F5012572700241BF87219FB5AD849DBBAE9EB49751354443FB504C2220DB7CC9C39B69
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                                                    			E0040E38E(intOrPtr __ecx, signed int __edx) {
                                                                                                                                                                    				signed int _t133;
                                                                                                                                                                    				intOrPtr _t135;
                                                                                                                                                                    				signed int _t136;
                                                                                                                                                                    				signed int _t137;
                                                                                                                                                                    				signed int _t148;
                                                                                                                                                                    				intOrPtr _t159;
                                                                                                                                                                    				signed int _t160;
                                                                                                                                                                    				intOrPtr _t162;
                                                                                                                                                                    				void* _t164;
                                                                                                                                                                    				signed int _t167;
                                                                                                                                                                    				intOrPtr _t175;
                                                                                                                                                                    				signed int _t177;
                                                                                                                                                                    				signed int _t183;
                                                                                                                                                                    				intOrPtr _t184;
                                                                                                                                                                    				intOrPtr _t185;
                                                                                                                                                                    				intOrPtr _t201;
                                                                                                                                                                    				signed int _t211;
                                                                                                                                                                    				signed int _t214;
                                                                                                                                                                    				signed int _t215;
                                                                                                                                                                    				intOrPtr _t217;
                                                                                                                                                                    				signed int _t218;
                                                                                                                                                                    				void* _t219;
                                                                                                                                                                    				void* _t220;
                                                                                                                                                                    				void* _t221;
                                                                                                                                                                    				signed int _t223;
                                                                                                                                                                    				signed int _t225;
                                                                                                                                                                    				void* _t226;
                                                                                                                                                                    
                                                                                                                                                                    				_t211 = __edx;
                                                                                                                                                                    				E00413724(E0041A478, _t226);
                                                                                                                                                                    				_t175 = __ecx;
                                                                                                                                                                    				 *((intOrPtr*)(_t226 - 0x14)) = __ecx;
                                                                                                                                                                    				E00404349();
                                                                                                                                                                    				_t223 =  *(_t226 + 8);
                                                                                                                                                                    				E0040439A( *((intOrPtr*)(_t226 + 0xc)),  *(_t223 + 8));
                                                                                                                                                                    				while(1) {
                                                                                                                                                                    					_t133 = E0040D9CB( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    					_t183 = _t211;
                                                                                                                                                                    					 *(_t226 - 0x1c) = _t133;
                                                                                                                                                                    					 *(_t226 - 0x18) = _t183;
                                                                                                                                                                    					if(_t133 != 0xd) {
                                                                                                                                                                    						goto L6;
                                                                                                                                                                    					}
                                                                                                                                                                    					L2:
                                                                                                                                                                    					_t211 = 0;
                                                                                                                                                                    					if(_t183 != 0) {
                                                                                                                                                                    						L7:
                                                                                                                                                                    						__eflags = _t133 - 0xa;
                                                                                                                                                                    						if(_t133 != 0xa) {
                                                                                                                                                                    							L9:
                                                                                                                                                                    							__eflags = _t133 - 9;
                                                                                                                                                                    							if(_t133 != 9) {
                                                                                                                                                                    								L11:
                                                                                                                                                                    								__eflags = _t133 | _t183;
                                                                                                                                                                    								if((_t133 | _t183) == 0) {
                                                                                                                                                                    									L13:
                                                                                                                                                                    									_t135 =  *((intOrPtr*)(_t226 + 0xc));
                                                                                                                                                                    									__eflags =  *((intOrPtr*)(_t135 + 8)) - _t211;
                                                                                                                                                                    									if( *((intOrPtr*)(_t135 + 8)) != _t211) {
                                                                                                                                                                    										L17:
                                                                                                                                                                    										_t184 =  *((intOrPtr*)(_t226 + 0xc));
                                                                                                                                                                    										_t214 = 0;
                                                                                                                                                                    										 *(_t226 - 0x10) = 0;
                                                                                                                                                                    										__eflags =  *((intOrPtr*)(_t184 + 8)) - _t211;
                                                                                                                                                                    										if( *((intOrPtr*)(_t184 + 8)) <= _t211) {
                                                                                                                                                                    											L27:
                                                                                                                                                                    											__eflags =  *(_t226 - 0x1c) - 9;
                                                                                                                                                                    											if( *(_t226 - 0x1c) == 9) {
                                                                                                                                                                    												__eflags =  *(_t226 - 0x18) - _t211;
                                                                                                                                                                    												if( *(_t226 - 0x18) == _t211) {
                                                                                                                                                                    													_t160 = E0040D9CB( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    													_t184 =  *((intOrPtr*)(_t226 + 0xc));
                                                                                                                                                                    													 *(_t226 - 0x18) = _t211;
                                                                                                                                                                    													 *(_t226 - 0x1c) = _t160;
                                                                                                                                                                    													_t211 = 0;
                                                                                                                                                                    													__eflags = 0;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    											_t215 =  *(_t223 + 8);
                                                                                                                                                                    											 *(_t226 - 0x10) = _t211;
                                                                                                                                                                    											__eflags = _t215 - _t211;
                                                                                                                                                                    											 *(_t226 + 8) = _t211;
                                                                                                                                                                    											if(_t215 <= _t211) {
                                                                                                                                                                    												L37:
                                                                                                                                                                    												_t136 =  *(_t226 - 0x1c);
                                                                                                                                                                    												__eflags = _t136 - 0xa;
                                                                                                                                                                    												if(_t136 != 0xa) {
                                                                                                                                                                    													L48:
                                                                                                                                                                    													_t137 = _t136 |  *(_t226 - 0x18);
                                                                                                                                                                    													__eflags = _t137;
                                                                                                                                                                    													if(_t137 == 0) {
                                                                                                                                                                    														_t185 =  *((intOrPtr*)(_t226 + 0x14));
                                                                                                                                                                    														__eflags =  *((intOrPtr*)(_t185 + 8)) - _t211;
                                                                                                                                                                    														if( *((intOrPtr*)(_t185 + 8)) != _t211) {
                                                                                                                                                                    															L54:
                                                                                                                                                                    															 *[fs:0x0] =  *((intOrPtr*)(_t226 - 0xc));
                                                                                                                                                                    															return _t137;
                                                                                                                                                                    														}
                                                                                                                                                                    														E0040D7D0(_t185,  *(_t226 + 8));
                                                                                                                                                                    														_t137 = E00404349();
                                                                                                                                                                    														_t225 =  *(_t226 + 8);
                                                                                                                                                                    														__eflags = _t225;
                                                                                                                                                                    														if(_t225 <= 0) {
                                                                                                                                                                    															goto L54;
                                                                                                                                                                    														} else {
                                                                                                                                                                    															goto L53;
                                                                                                                                                                    														}
                                                                                                                                                                    														do {
                                                                                                                                                                    															L53:
                                                                                                                                                                    															_t137 = E0040A528( *((intOrPtr*)(_t226 + 0x18)), 0);
                                                                                                                                                                    															_t225 = _t225 - 1;
                                                                                                                                                                    															__eflags = _t225;
                                                                                                                                                                    														} while (_t225 != 0);
                                                                                                                                                                    														goto L54;
                                                                                                                                                                    													}
                                                                                                                                                                    													E0040D9B8( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    													L50:
                                                                                                                                                                    													 *(_t226 - 0x1c) = E0040D9CB( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    													 *(_t226 - 0x18) = _t211;
                                                                                                                                                                    													goto L36;
                                                                                                                                                                    												}
                                                                                                                                                                    												__eflags =  *(_t226 - 0x18) - _t211;
                                                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                                                    													goto L48;
                                                                                                                                                                    												}
                                                                                                                                                                    												 *(_t226 - 0x48) = _t211;
                                                                                                                                                                    												 *(_t226 - 0x44) = _t211;
                                                                                                                                                                    												 *(_t226 - 0x40) = _t211;
                                                                                                                                                                    												 *((intOrPtr*)(_t226 - 0x3c)) = 1;
                                                                                                                                                                    												 *((intOrPtr*)(_t226 - 0x4c)) = 0x41b754;
                                                                                                                                                                    												 *(_t226 - 4) = _t211;
                                                                                                                                                                    												 *(_t226 - 0x34) = _t211;
                                                                                                                                                                    												 *(_t226 - 0x30) = _t211;
                                                                                                                                                                    												 *(_t226 - 0x2c) = _t211;
                                                                                                                                                                    												 *((intOrPtr*)(_t226 - 0x28)) = 4;
                                                                                                                                                                    												 *((intOrPtr*)(_t226 - 0x38)) = 0x41b68c;
                                                                                                                                                                    												 *(_t226 - 4) = 1;
                                                                                                                                                                    												E0040E028(_t175, __eflags,  *(_t226 - 0x10), _t226 - 0x4c, _t226 - 0x38);
                                                                                                                                                                    												_t177 = 0;
                                                                                                                                                                    												__eflags =  *(_t223 + 8);
                                                                                                                                                                    												 *(_t226 + 0x10) = 0;
                                                                                                                                                                    												if( *(_t223 + 8) <= 0) {
                                                                                                                                                                    													L47:
                                                                                                                                                                    													 *(_t226 - 4) =  *(_t226 - 4) & 0x00000000;
                                                                                                                                                                    													E00404320(_t226 - 0x38);
                                                                                                                                                                    													 *(_t226 - 4) =  *(_t226 - 4) | 0xffffffff;
                                                                                                                                                                    													E00404320(_t226 - 0x4c);
                                                                                                                                                                    													_t175 =  *((intOrPtr*)(_t226 - 0x14));
                                                                                                                                                                    													goto L50;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													goto L40;
                                                                                                                                                                    												}
                                                                                                                                                                    												do {
                                                                                                                                                                    													L40:
                                                                                                                                                                    													_t217 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t177 * 4));
                                                                                                                                                                    													_t148 =  *( *((intOrPtr*)( *((intOrPtr*)(_t226 + 0xc)) + 0xc)) + _t177 * 4);
                                                                                                                                                                    													__eflags = _t148 - 1;
                                                                                                                                                                    													if(_t148 != 1) {
                                                                                                                                                                    														L43:
                                                                                                                                                                    														__eflags = _t148;
                                                                                                                                                                    														if(_t148 <= 0) {
                                                                                                                                                                    															goto L46;
                                                                                                                                                                    														}
                                                                                                                                                                    														_t218 = _t148;
                                                                                                                                                                    														do {
                                                                                                                                                                    															E0040C1D9( *((intOrPtr*)(_t226 + 0x14)),  *((intOrPtr*)( *(_t226 - 0x40) +  *(_t226 + 0x10))));
                                                                                                                                                                    															E0040A528( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)( *(_t226 - 0x2c) +  *(_t226 + 0x10) * 4)));
                                                                                                                                                                    															 *(_t226 + 0x10) =  *(_t226 + 0x10) + 1;
                                                                                                                                                                    															_t218 = _t218 - 1;
                                                                                                                                                                    															__eflags = _t218;
                                                                                                                                                                    														} while (_t218 != 0);
                                                                                                                                                                    														goto L46;
                                                                                                                                                                    													}
                                                                                                                                                                    													__eflags =  *((char*)(_t217 + 0x54));
                                                                                                                                                                    													if( *((char*)(_t217 + 0x54)) == 0) {
                                                                                                                                                                    														goto L43;
                                                                                                                                                                    													}
                                                                                                                                                                    													E0040C1D9( *((intOrPtr*)(_t226 + 0x14)), _t148);
                                                                                                                                                                    													E0040A528( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)(_t217 + 0x50)));
                                                                                                                                                                    													L46:
                                                                                                                                                                    													_t177 = _t177 + 1;
                                                                                                                                                                    													__eflags = _t177 -  *(_t223 + 8);
                                                                                                                                                                    												} while (_t177 <  *(_t223 + 8));
                                                                                                                                                                    												goto L47;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												 *(_t226 + 0x10) =  *(_t184 + 0xc);
                                                                                                                                                                    												do {
                                                                                                                                                                    													_t201 =  *((intOrPtr*)( *(_t226 + 0x10) + _t211 * 4));
                                                                                                                                                                    													__eflags = _t201 - 1;
                                                                                                                                                                    													if(_t201 != 1) {
                                                                                                                                                                    														L34:
                                                                                                                                                                    														_t64 = _t226 - 0x10;
                                                                                                                                                                    														 *_t64 =  *(_t226 - 0x10) + _t201;
                                                                                                                                                                    														__eflags =  *_t64;
                                                                                                                                                                    														goto L35;
                                                                                                                                                                    													}
                                                                                                                                                                    													_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t211 * 4));
                                                                                                                                                                    													__eflags =  *((char*)(_t159 + 0x54));
                                                                                                                                                                    													if( *((char*)(_t159 + 0x54)) != 0) {
                                                                                                                                                                    														goto L35;
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L34;
                                                                                                                                                                    													L35:
                                                                                                                                                                    													 *(_t226 + 8) =  *(_t226 + 8) + _t201;
                                                                                                                                                                    													_t211 = _t211 + 1;
                                                                                                                                                                    													__eflags = _t211 - _t215;
                                                                                                                                                                    												} while (_t211 < _t215);
                                                                                                                                                                    												L36:
                                                                                                                                                                    												_t211 = 0;
                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                    												goto L37;
                                                                                                                                                                    											}
                                                                                                                                                                    										} else {
                                                                                                                                                                    											goto L18;
                                                                                                                                                                    										}
                                                                                                                                                                    										do {
                                                                                                                                                                    											L18:
                                                                                                                                                                    											_t162 =  *((intOrPtr*)( *(_t184 + 0xc) + _t214 * 4));
                                                                                                                                                                    											__eflags = _t162 - _t211;
                                                                                                                                                                    											if(_t162 == _t211) {
                                                                                                                                                                    												goto L26;
                                                                                                                                                                    											}
                                                                                                                                                                    											__eflags = _t162 - 1;
                                                                                                                                                                    											 *(_t226 - 0x24) = _t211;
                                                                                                                                                                    											 *(_t226 - 0x20) = _t211;
                                                                                                                                                                    											if(_t162 <= 1) {
                                                                                                                                                                    												L25:
                                                                                                                                                                    												_t164 = E0040C047( *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t214 * 4)));
                                                                                                                                                                    												asm("sbb edx, [ebp-0x20]");
                                                                                                                                                                    												E00409898( *(_t226 + 0x10), _t164 -  *(_t226 - 0x24), _t211);
                                                                                                                                                                    												_t184 =  *((intOrPtr*)(_t226 + 0xc));
                                                                                                                                                                    												_t211 = 0;
                                                                                                                                                                    												__eflags = 0;
                                                                                                                                                                    												goto L26;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t167 = _t162 - 1;
                                                                                                                                                                    											__eflags = _t167;
                                                                                                                                                                    											 *(_t226 + 8) = _t167;
                                                                                                                                                                    											do {
                                                                                                                                                                    												__eflags =  *(_t226 - 0x1c) - 9;
                                                                                                                                                                    												if( *(_t226 - 0x1c) == 9) {
                                                                                                                                                                    													__eflags =  *(_t226 - 0x18) - _t211;
                                                                                                                                                                    													if( *(_t226 - 0x18) == _t211) {
                                                                                                                                                                    														_t219 = E0040D9CB( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    														E00409898( *(_t226 + 0x10), _t219, _t211);
                                                                                                                                                                    														 *(_t226 - 0x24) =  *(_t226 - 0x24) + _t219;
                                                                                                                                                                    														_t214 =  *(_t226 - 0x10);
                                                                                                                                                                    														asm("adc [ebp-0x20], ebx");
                                                                                                                                                                    														_t175 =  *((intOrPtr*)(_t226 - 0x14));
                                                                                                                                                                    														_t211 = 0;
                                                                                                                                                                    														__eflags = 0;
                                                                                                                                                                    													}
                                                                                                                                                                    												}
                                                                                                                                                                    												_t36 = _t226 + 8;
                                                                                                                                                                    												 *_t36 =  *(_t226 + 8) - 1;
                                                                                                                                                                    												__eflags =  *_t36;
                                                                                                                                                                    											} while ( *_t36 != 0);
                                                                                                                                                                    											goto L25;
                                                                                                                                                                    											L26:
                                                                                                                                                                    											_t214 = _t214 + 1;
                                                                                                                                                                    											__eflags = _t214 -  *((intOrPtr*)(_t184 + 8));
                                                                                                                                                                    											 *(_t226 - 0x10) = _t214;
                                                                                                                                                                    										} while (_t214 <  *((intOrPtr*)(_t184 + 8)));
                                                                                                                                                                    										goto L27;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t220 = 0;
                                                                                                                                                                    									__eflags =  *(_t223 + 8) - _t211;
                                                                                                                                                                    									if( *(_t223 + 8) <= _t211) {
                                                                                                                                                                    										goto L17;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										goto L15;
                                                                                                                                                                    									}
                                                                                                                                                                    									do {
                                                                                                                                                                    										L15:
                                                                                                                                                                    										E0040A528( *((intOrPtr*)(_t226 + 0xc)), 1);
                                                                                                                                                                    										_t220 = _t220 + 1;
                                                                                                                                                                    										__eflags = _t220 -  *(_t223 + 8);
                                                                                                                                                                    									} while (_t220 <  *(_t223 + 8));
                                                                                                                                                                    									_t211 = 0;
                                                                                                                                                                    									__eflags = 0;
                                                                                                                                                                    									goto L17;
                                                                                                                                                                    								}
                                                                                                                                                                    								E0040D9B8( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    								while(1) {
                                                                                                                                                                    									_t133 = E0040D9CB( *((intOrPtr*)(_t175 + 0x18)), _t211);
                                                                                                                                                                    									_t183 = _t211;
                                                                                                                                                                    									 *(_t226 - 0x1c) = _t133;
                                                                                                                                                                    									 *(_t226 - 0x18) = _t183;
                                                                                                                                                                    									if(_t133 != 0xd) {
                                                                                                                                                                    										goto L6;
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L2;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L6;
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags = _t183 - _t211;
                                                                                                                                                                    							if(_t183 == _t211) {
                                                                                                                                                                    								goto L13;
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L11;
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags = _t183 - _t211;
                                                                                                                                                                    						if(_t183 == _t211) {
                                                                                                                                                                    							goto L13;
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L9;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t221 = 0;
                                                                                                                                                                    					if( *(_t223 + 8) <= 0) {
                                                                                                                                                                    						continue;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						goto L4;
                                                                                                                                                                    					}
                                                                                                                                                                    					do {
                                                                                                                                                                    						L4:
                                                                                                                                                                    						E0040A528( *((intOrPtr*)(_t226 + 0xc)), E0040DA67(0));
                                                                                                                                                                    						_t221 = _t221 + 1;
                                                                                                                                                                    					} while (_t221 <  *(_t223 + 8));
                                                                                                                                                                    					continue;
                                                                                                                                                                    					L6:
                                                                                                                                                                    					_t211 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    					goto L7;
                                                                                                                                                                    				}
                                                                                                                                                                    			}






























                                                                                                                                                                    0x0040e584
                                                                                                                                                                    0x0040e587
                                                                                                                                                                    0x0040e5a5
                                                                                                                                                                    0x0040e5a5
                                                                                                                                                                    0x0040e5a7
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e5a9
                                                                                                                                                                    0x0040e5ab
                                                                                                                                                                    0x0040e5b8
                                                                                                                                                                    0x0040e5c9
                                                                                                                                                                    0x0040e5ce
                                                                                                                                                                    0x0040e5d1
                                                                                                                                                                    0x0040e5d1
                                                                                                                                                                    0x0040e5d1
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e5ab
                                                                                                                                                                    0x0040e589
                                                                                                                                                                    0x0040e58d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e593
                                                                                                                                                                    0x0040e59e
                                                                                                                                                                    0x0040e5d4
                                                                                                                                                                    0x0040e5d4
                                                                                                                                                                    0x0040e5d5
                                                                                                                                                                    0x0040e5d5
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e4e5
                                                                                                                                                                    0x0040e4e8
                                                                                                                                                                    0x0040e4eb
                                                                                                                                                                    0x0040e4ee
                                                                                                                                                                    0x0040e4f1
                                                                                                                                                                    0x0040e4f4
                                                                                                                                                                    0x0040e502
                                                                                                                                                                    0x0040e502
                                                                                                                                                                    0x0040e502
                                                                                                                                                                    0x0040e502
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e502
                                                                                                                                                                    0x0040e4f9
                                                                                                                                                                    0x0040e4fc
                                                                                                                                                                    0x0040e500
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e505
                                                                                                                                                                    0x0040e505
                                                                                                                                                                    0x0040e508
                                                                                                                                                                    0x0040e509
                                                                                                                                                                    0x0040e509
                                                                                                                                                                    0x0040e50d
                                                                                                                                                                    0x0040e50d
                                                                                                                                                                    0x0040e50d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e50d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e444
                                                                                                                                                                    0x0040e444
                                                                                                                                                                    0x0040e447
                                                                                                                                                                    0x0040e44a
                                                                                                                                                                    0x0040e44c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e44e
                                                                                                                                                                    0x0040e451
                                                                                                                                                                    0x0040e454
                                                                                                                                                                    0x0040e457
                                                                                                                                                                    0x0040e491
                                                                                                                                                                    0x0040e497
                                                                                                                                                                    0x0040e4a2
                                                                                                                                                                    0x0040e4a7
                                                                                                                                                                    0x0040e4ac
                                                                                                                                                                    0x0040e4af
                                                                                                                                                                    0x0040e4af
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e4af
                                                                                                                                                                    0x0040e459
                                                                                                                                                                    0x0040e459
                                                                                                                                                                    0x0040e45a
                                                                                                                                                                    0x0040e45d
                                                                                                                                                                    0x0040e45d
                                                                                                                                                                    0x0040e461
                                                                                                                                                                    0x0040e463
                                                                                                                                                                    0x0040e466
                                                                                                                                                                    0x0040e475
                                                                                                                                                                    0x0040e479
                                                                                                                                                                    0x0040e47e
                                                                                                                                                                    0x0040e481
                                                                                                                                                                    0x0040e484
                                                                                                                                                                    0x0040e487
                                                                                                                                                                    0x0040e48a
                                                                                                                                                                    0x0040e48a
                                                                                                                                                                    0x0040e48a
                                                                                                                                                                    0x0040e466
                                                                                                                                                                    0x0040e48c
                                                                                                                                                                    0x0040e48c
                                                                                                                                                                    0x0040e48c
                                                                                                                                                                    0x0040e48c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e4b1
                                                                                                                                                                    0x0040e4b1
                                                                                                                                                                    0x0040e4b2
                                                                                                                                                                    0x0040e4b5
                                                                                                                                                                    0x0040e4b5
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e444
                                                                                                                                                                    0x0040e41e
                                                                                                                                                                    0x0040e420
                                                                                                                                                                    0x0040e423
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e425
                                                                                                                                                                    0x0040e425
                                                                                                                                                                    0x0040e42a
                                                                                                                                                                    0x0040e42f
                                                                                                                                                                    0x0040e430
                                                                                                                                                                    0x0040e430
                                                                                                                                                                    0x0040e435
                                                                                                                                                                    0x0040e435
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e435
                                                                                                                                                                    0x0040e40f
                                                                                                                                                                    0x0040e3b9
                                                                                                                                                                    0x0040e3bc
                                                                                                                                                                    0x0040e3c1
                                                                                                                                                                    0x0040e3c6
                                                                                                                                                                    0x0040e3c9
                                                                                                                                                                    0x0040e3cc
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e3cc
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e3b9
                                                                                                                                                                    0x0040e404
                                                                                                                                                                    0x0040e406
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e406
                                                                                                                                                                    0x0040e3fb
                                                                                                                                                                    0x0040e3fd
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e3fd
                                                                                                                                                                    0x0040e3d4
                                                                                                                                                                    0x0040e3d9
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e3db
                                                                                                                                                                    0x0040e3db
                                                                                                                                                                    0x0040e3e7
                                                                                                                                                                    0x0040e3ec
                                                                                                                                                                    0x0040e3ed
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e3f4
                                                                                                                                                                    0x0040e3f4
                                                                                                                                                                    0x0040e3f4
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040e3f4

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                    • Opcode ID: ef3f0dd97c369c2370b5d413364e2112772f158c67037ae1847bc74799d93c78
                                                                                                                                                                    • Instruction ID: 6f1b27b05ce828494dcdc0ca2a3df983f9883c238a6bb878f092976797e95433
                                                                                                                                                                    • Opcode Fuzzy Hash: ef3f0dd97c369c2370b5d413364e2112772f158c67037ae1847bc74799d93c78
                                                                                                                                                                    • Instruction Fuzzy Hash: 68A1EB70E002099BCB18DF96C8919AEB7B2FF94318F14883FE915A7391D738AD52CB55
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 00415631
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                    • Opcode ID: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
                                                                                                                                                                    • Instruction ID: 3aa75b883a8314cf8793ebdd48d7cbf343a2d53b1036c531b3b3a2656884bc9f
                                                                                                                                                                    • Opcode Fuzzy Hash: 80fdf592cfe35f6ca0a49e156fc06359dfcc477da488757324292bdf2a3d88f1
                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00412480(void* __eax, signed int* __ecx) {
                                                                                                                                                                    				intOrPtr _t149;
                                                                                                                                                                    				unsigned int _t153;
                                                                                                                                                                    				signed int _t157;
                                                                                                                                                                    				signed int _t158;
                                                                                                                                                                    				intOrPtr _t159;
                                                                                                                                                                    				signed int _t160;
                                                                                                                                                                    				signed int _t161;
                                                                                                                                                                    				signed char* _t162;
                                                                                                                                                                    				signed int _t164;
                                                                                                                                                                    				intOrPtr _t167;
                                                                                                                                                                    				signed int _t168;
                                                                                                                                                                    				signed char* _t169;
                                                                                                                                                                    				signed int _t171;
                                                                                                                                                                    				signed char* _t179;
                                                                                                                                                                    				signed int _t190;
                                                                                                                                                                    				signed int _t192;
                                                                                                                                                                    				signed int _t196;
                                                                                                                                                                    				signed char* _t197;
                                                                                                                                                                    				signed char* _t199;
                                                                                                                                                                    				signed int _t204;
                                                                                                                                                                    				signed short* _t205;
                                                                                                                                                                    				void* _t206;
                                                                                                                                                                    				signed int _t207;
                                                                                                                                                                    				signed int _t215;
                                                                                                                                                                    				signed int _t216;
                                                                                                                                                                    				signed char* _t225;
                                                                                                                                                                    				signed int _t228;
                                                                                                                                                                    				signed int _t232;
                                                                                                                                                                    				signed int _t235;
                                                                                                                                                                    				signed int _t238;
                                                                                                                                                                    				signed int _t241;
                                                                                                                                                                    				signed int _t244;
                                                                                                                                                                    				signed int _t247;
                                                                                                                                                                    				signed char _t251;
                                                                                                                                                                    				void* _t252;
                                                                                                                                                                    				signed int _t265;
                                                                                                                                                                    				signed int _t270;
                                                                                                                                                                    				signed int _t271;
                                                                                                                                                                    				signed int _t272;
                                                                                                                                                                    				signed int _t278;
                                                                                                                                                                    				signed char* _t279;
                                                                                                                                                                    				signed int _t281;
                                                                                                                                                                    				signed int _t283;
                                                                                                                                                                    				signed int _t284;
                                                                                                                                                                    				signed int _t285;
                                                                                                                                                                    				signed int _t286;
                                                                                                                                                                    				signed int _t287;
                                                                                                                                                                    				signed int _t288;
                                                                                                                                                                    				signed int _t289;
                                                                                                                                                                    				signed int _t290;
                                                                                                                                                                    				unsigned int _t291;
                                                                                                                                                                    				signed int* _t292;
                                                                                                                                                                    				intOrPtr _t293;
                                                                                                                                                                    				signed char* _t294;
                                                                                                                                                                    				signed short* _t296;
                                                                                                                                                                    				signed int _t297;
                                                                                                                                                                    				signed int _t298;
                                                                                                                                                                    				signed int _t300;
                                                                                                                                                                    				signed int _t301;
                                                                                                                                                                    				signed int _t310;
                                                                                                                                                                    				signed int _t314;
                                                                                                                                                                    				signed int _t319;
                                                                                                                                                                    				signed int _t320;
                                                                                                                                                                    				signed int _t321;
                                                                                                                                                                    				signed int _t322;
                                                                                                                                                                    				signed int _t323;
                                                                                                                                                                    				signed int _t324;
                                                                                                                                                                    				signed int _t325;
                                                                                                                                                                    				signed int _t340;
                                                                                                                                                                    				signed int _t341;
                                                                                                                                                                    				signed int _t342;
                                                                                                                                                                    				signed char* _t344;
                                                                                                                                                                    				void* _t351;
                                                                                                                                                                    
                                                                                                                                                                    				_t292 = __ecx;
                                                                                                                                                                    				_t340 =  *(__ecx + 0x34);
                                                                                                                                                                    				_t283 =  *(__ecx + 0x1c);
                                                                                                                                                                    				_t321 =  *(__ecx + 0x20);
                                                                                                                                                                    				_t149 =  *((intOrPtr*)(__ecx + 0x10));
                                                                                                                                                                    				 *(_t351 + 0x10) =  &(( *(_t351 + 0x28))[__eax]);
                                                                                                                                                                    				 *((intOrPtr*)(_t351 + 0x14)) = _t149;
                                                                                                                                                                    				_t204 = (0x00000001 <<  *(__ecx + 8)) - 0x00000001 &  *(__ecx + 0x2c);
                                                                                                                                                                    				 *(_t351 + 0x18) =  *(_t149 + ((_t340 << 4) + 1) * 2) & 0x0000ffff;
                                                                                                                                                                    				if(_t283 >= 0x1000000) {
                                                                                                                                                                    					L4:
                                                                                                                                                                    					_t153 = (_t283 >> 0xb) *  *(_t351 + 0x18);
                                                                                                                                                                    					if(_t321 >= _t153) {
                                                                                                                                                                    						_t293 =  *((intOrPtr*)(_t351 + 0x14));
                                                                                                                                                                    						_t225 =  *(_t351 + 0x28);
                                                                                                                                                                    						_t284 = _t283 - _t153;
                                                                                                                                                                    						_t322 = _t321 - _t153;
                                                                                                                                                                    						 *(_t351 + 0x18) =  *(_t293 + 0x180 + _t340 * 2) & 0x0000ffff;
                                                                                                                                                                    						if(_t284 >= 0x1000000) {
                                                                                                                                                                    							L39:
                                                                                                                                                                    							_t157 = (_t284 >> 0xb) *  *(_t351 + 0x18);
                                                                                                                                                                    							if(_t322 >= _t157) {
                                                                                                                                                                    								_t285 = _t284 - _t157;
                                                                                                                                                                    								_t323 = _t322 - _t157;
                                                                                                                                                                    								_t158 =  *(_t293 + 0x198 + _t340 * 2) & 0x0000ffff;
                                                                                                                                                                    								 *(_t351 + 0x1c) = 3;
                                                                                                                                                                    								if(_t285 >= 0x1000000) {
                                                                                                                                                                    									L44:
                                                                                                                                                                    									_t228 = (_t285 >> 0xb) * _t158;
                                                                                                                                                                    									_t159 =  *((intOrPtr*)(_t351 + 0x14));
                                                                                                                                                                    									if(_t323 >= _t228) {
                                                                                                                                                                    										_t294 =  *(_t351 + 0x28);
                                                                                                                                                                    										_t286 = _t285 - _t228;
                                                                                                                                                                    										_t324 = _t323 - _t228;
                                                                                                                                                                    										 *(_t351 + 0x18) =  *(_t159 + 0x1b0 + _t340 * 2) & 0x0000ffff;
                                                                                                                                                                    										if(_t286 >= 0x1000000) {
                                                                                                                                                                    											L55:
                                                                                                                                                                    											_t232 = (_t286 >> 0xb) *  *(_t351 + 0x18);
                                                                                                                                                                    											if(_t324 >= _t232) {
                                                                                                                                                                    												_t160 =  *(_t159 + 0x1c8 + _t340 * 2) & 0x0000ffff;
                                                                                                                                                                    												_t287 = _t286 - _t232;
                                                                                                                                                                    												_t323 = _t324 - _t232;
                                                                                                                                                                    												if(_t287 >= 0x1000000) {
                                                                                                                                                                    													L60:
                                                                                                                                                                    													_t235 = (_t287 >> 0xb) * _t160;
                                                                                                                                                                    													if(_t323 >= _t235) {
                                                                                                                                                                    														goto L62;
                                                                                                                                                                    													} else {
                                                                                                                                                                    														_t288 = _t235;
                                                                                                                                                                    													}
                                                                                                                                                                    													goto L63;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													if(_t294 >=  *(_t351 + 0x10)) {
                                                                                                                                                                    														goto L2;
                                                                                                                                                                    													} else {
                                                                                                                                                                    														_t287 = _t287 << 8;
                                                                                                                                                                    														_t323 = _t323 << 0x00000008 |  *_t294 & 0x000000ff;
                                                                                                                                                                    														 *(_t351 + 0x28) =  &(_t294[1]);
                                                                                                                                                                    														goto L60;
                                                                                                                                                                    													}
                                                                                                                                                                    												}
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_t288 = _t232;
                                                                                                                                                                    												goto L63;
                                                                                                                                                                    											}
                                                                                                                                                                    										} else {
                                                                                                                                                                    											if(_t294 >=  *(_t351 + 0x10)) {
                                                                                                                                                                    												goto L2;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_t286 = _t286 << 8;
                                                                                                                                                                    												_t324 = _t324 << 0x00000008 |  *_t294 & 0x000000ff;
                                                                                                                                                                    												_t294 =  &(_t294[1]);
                                                                                                                                                                    												 *(_t351 + 0x28) = _t294;
                                                                                                                                                                    												goto L55;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t314 =  *(_t159 + ((_t340 + 0xf << 4) + _t204) * 2) & 0x0000ffff;
                                                                                                                                                                    										_t179 =  *(_t351 + 0x28);
                                                                                                                                                                    										_t287 = _t228;
                                                                                                                                                                    										if(_t228 >= 0x1000000) {
                                                                                                                                                                    											L48:
                                                                                                                                                                    											_t235 = (_t287 >> 0xb) * _t314;
                                                                                                                                                                    											if(_t323 >= _t235) {
                                                                                                                                                                    												L62:
                                                                                                                                                                    												_t288 = _t287 - _t235;
                                                                                                                                                                    												_t323 = _t323 - _t235;
                                                                                                                                                                    												L63:
                                                                                                                                                                    												_t225 =  *(_t351 + 0x28);
                                                                                                                                                                    												 *(_t351 + 0x20) = 0xc;
                                                                                                                                                                    												_t296 =  *((intOrPtr*)(_t351 + 0x14)) + 0xa68;
                                                                                                                                                                    												goto L64;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												if(_t235 >= 0x1000000 || _t179 <  *(_t351 + 0x10)) {
                                                                                                                                                                    													return 3;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													goto L2;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    										} else {
                                                                                                                                                                    											if(_t179 >=  *(_t351 + 0x10)) {
                                                                                                                                                                    												goto L2;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_t287 = _t228 << 8;
                                                                                                                                                                    												_t323 = _t323 << 0x00000008 |  *_t179 & 0x000000ff;
                                                                                                                                                                    												_t179 =  &(_t179[1]);
                                                                                                                                                                    												 *(_t351 + 0x28) = _t179;
                                                                                                                                                                    												goto L48;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    								} else {
                                                                                                                                                                    									if(_t225 >=  *(_t351 + 0x10)) {
                                                                                                                                                                    										goto L2;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t285 = _t285 << 8;
                                                                                                                                                                    										_t323 = _t323 << 0x00000008 |  *_t225 & 0x000000ff;
                                                                                                                                                                    										 *(_t351 + 0x28) =  &(_t225[1]);
                                                                                                                                                                    										goto L44;
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_t288 = _t157;
                                                                                                                                                                    								 *(_t351 + 0x20) = 0;
                                                                                                                                                                    								_t296 = _t293 + 0x664;
                                                                                                                                                                    								 *(_t351 + 0x1c) = 2;
                                                                                                                                                                    								L64:
                                                                                                                                                                    								_t161 =  *_t296 & 0x0000ffff;
                                                                                                                                                                    								if(_t288 >= 0x1000000) {
                                                                                                                                                                    									L67:
                                                                                                                                                                    									_t238 = (_t288 >> 0xb) * _t161;
                                                                                                                                                                    									_t162 =  *(_t351 + 0x28);
                                                                                                                                                                    									if(_t323 >= _t238) {
                                                                                                                                                                    										_t341 = _t296[1] & 0x0000ffff;
                                                                                                                                                                    										_t289 = _t288 - _t238;
                                                                                                                                                                    										_t325 = _t323 - _t238;
                                                                                                                                                                    										if(_t289 >= 0x1000000) {
                                                                                                                                                                    											L72:
                                                                                                                                                                    											_t241 = (_t289 >> 0xb) * _t341;
                                                                                                                                                                    											if(_t325 >= _t241) {
                                                                                                                                                                    												_t290 = _t289 - _t241;
                                                                                                                                                                    												_t325 = _t325 - _t241;
                                                                                                                                                                    												_t205 =  &(_t296[0x102]);
                                                                                                                                                                    												_t342 = 0x10;
                                                                                                                                                                    												 *(_t351 + 0x18) = 0x100;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_t342 = 8;
                                                                                                                                                                    												_t290 = _t241;
                                                                                                                                                                    												_t205 = _t296 + 0x104 + (_t204 + _t204) * 8;
                                                                                                                                                                    												 *(_t351 + 0x18) = 8;
                                                                                                                                                                    											}
                                                                                                                                                                    											goto L75;
                                                                                                                                                                    										} else {
                                                                                                                                                                    											if(_t162 >=  *(_t351 + 0x10)) {
                                                                                                                                                                    												goto L2;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_t289 = _t289 << 8;
                                                                                                                                                                    												_t325 = _t325 << 0x00000008 |  *_t162 & 0x000000ff;
                                                                                                                                                                    												_t162 =  &(_t162[1]);
                                                                                                                                                                    												 *(_t351 + 0x28) = _t162;
                                                                                                                                                                    												goto L72;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t290 = _t238;
                                                                                                                                                                    										_t205 = _t296 + 4 + (_t204 + _t204) * 8;
                                                                                                                                                                    										_t342 = 0;
                                                                                                                                                                    										 *(_t351 + 0x18) = 8;
                                                                                                                                                                    										L75:
                                                                                                                                                                    										_t297 = 1;
                                                                                                                                                                    										L76:
                                                                                                                                                                    										while(1) {
                                                                                                                                                                    											if(_t290 >= 0x1000000) {
                                                                                                                                                                    												L79:
                                                                                                                                                                    												_t244 = (_t290 >> 0xb) * (_t205[_t297] & 0x0000ffff);
                                                                                                                                                                    												if(_t325 >= _t244) {
                                                                                                                                                                    													_t290 = _t290 - _t244;
                                                                                                                                                                    													_t325 = _t325 - _t244;
                                                                                                                                                                    													_t297 = _t297 + _t297 + 1;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													_t290 = _t244;
                                                                                                                                                                    													_t297 = _t297 + _t297;
                                                                                                                                                                    												}
                                                                                                                                                                    												_t164 =  *(_t351 + 0x18);
                                                                                                                                                                    												if(_t297 >= _t164) {
                                                                                                                                                                    													_t298 = _t297 + _t342 - _t164;
                                                                                                                                                                    													if( *(_t351 + 0x20) >= 4) {
                                                                                                                                                                    														goto L20;
                                                                                                                                                                    													} else {
                                                                                                                                                                    														if(_t298 >= 4) {
                                                                                                                                                                    															_t298 = 3;
                                                                                                                                                                    														}
                                                                                                                                                                    														_t167 =  *((intOrPtr*)(_t351 + 0x14));
                                                                                                                                                                    														_t344 =  *(_t351 + 0x28);
                                                                                                                                                                    														_t128 = _t167 + 0x360; // 0x363
                                                                                                                                                                    														_t206 = (_t298 << 7) + _t128;
                                                                                                                                                                    														_t300 = 1;
                                                                                                                                                                    														do {
                                                                                                                                                                    															_t168 =  *(_t206 + _t300 * 2) & 0x0000ffff;
															if(_t290 >= 0x1000000) {
																goto L91;
															} else {
																if(_t344 >=  *(_t351 + 0x10)) {
																	goto L2;
																} else {
																	_t290 = _t290 << 8;
																	_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																	_t344 =  &(_t344[1]);
																	goto L91;
																}
															}
															goto L113;
															L91:
															_t247 = (_t290 >> 0xb) * _t168;
															if(_t325 >= _t247) {
																_t290 = _t290 - _t247;
																_t325 = _t325 - _t247;
																_t300 = _t300 + _t300 + 1;
															} else {
																_t290 = _t247;
																_t300 = _t300 + _t300;
															}
														} while (_t300 < 0x40);
														_t301 = _t300 - 0x40;
														if(_t301 < 4) {
															goto L21;
														} else {
															_t251 = (_t301 >> 1) - 1;
															if(_t301 >= 0xe) {
																_t169 =  *(_t351 + 0x10);
																_t252 = _t251 - 4;
																do {
																	if(_t290 >= 0x1000000) {
																		goto L102;
																	} else {
																		if(_t344 >= _t169) {
																			goto L2;
																		} else {
																			_t290 = _t290 << 8;
																			_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																			_t344 =  &(_t344[1]);
																			goto L102;
																		}
																	}
																	goto L113;
																	L102:
																	_t290 = _t290 >> 1;
																	_t325 = _t325 - ((_t325 - _t290 >> 0x0000001f) - 0x00000001 & _t290);
																	_t252 = _t252 - 1;
																} while (_t252 != 0);
																 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0x644;
																_t251 = 4;
																goto L104;
															} else {
																 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0x55e + (((_t301 & 0x00000001 | 0x00000002) << _t251) - _t301) * 2;
																L104:
																_t207 = 1;
																do {
																	_t171 =  *( *((intOrPtr*)(_t351 + 0x14)) + _t207 * 2) & 0x0000ffff;
																	if(_t290 >= 0x1000000) {
																		goto L108;
																	} else {
																		if(_t344 >=  *(_t351 + 0x10)) {
																			goto L2;
																		} else {
																			_t290 = _t290 << 8;
																			_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																			_t344 =  &(_t344[1]);
																			goto L108;
																		}
																	}
																	goto L113;
																	L108:
																	_t310 = (_t290 >> 0xb) * _t171;
																	if(_t325 >= _t310) {
																		_t290 = _t290 - _t310;
																		_t325 = _t325 - _t310;
																		_t207 = _t207 + _t207 + 1;
																	} else {
																		_t290 = _t310;
																		_t207 = _t207 + _t207;
																	}
																	_t251 = _t251 - 1;
																} while (_t251 != 0);
																goto L21;
															}
														}
													}
												} else {
													_t162 =  *(_t351 + 0x28);
													continue;
												}
											} else {
												if(_t162 >=  *(_t351 + 0x10)) {
													goto L2;
												} else {
													_t290 = _t290 << 8;
													_t325 = _t325 << 0x00000008 |  *_t162 & 0x000000ff;
													 *(_t351 + 0x28) =  &(_t162[1]);
													goto L79;
												}
											}
											goto L113;
										}
									}
								} else {
									if(_t225 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t288 = _t288 << 8;
										_t323 = _t323 << 0x00000008 |  *_t225 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t225[1]);
										goto L67;
									}
								}
							}
						} else {
							if(_t225 >=  *(_t351 + 0x10)) {
								goto L2;
							} else {
								_t284 = _t284 << 8;
								_t322 = _t322 << 0x00000008 |  *_t225 & 0x000000ff;
								_t225 =  &(_t225[1]);
								 *(_t351 + 0x28) = _t225;
								goto L39;
							}
						}
					} else {
						_t291 = _t153;
						 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0xe6c;
						if(_t292[0xc] != 0 || _t292[0xb] != 0) {
							_t265 = _t292[9];
							if(_t265 == 0) {
								_t265 = _t292[0xa];
							}
							 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + ((( *(_t292[5] + _t265 - 1) & 0x000000ff) >> 8 -  *_t292) + (((0x00000001 << _t292[1]) - 0x00000001 & _t292[0xb]) <<  *_t292)) * 0x600;
						}
						if(_t340 >= 7) {
							_t270 = _t292[9];
							_t215 = _t292[0xe];
							if(_t270 >= _t215) {
								_t190 = 0;
							} else {
								_t190 = _t292[0xa];
							}
							_t271 =  *(_t292[5] - _t215 + _t270 + _t190) & 0x000000ff;
							_t216 = 0x100;
							_t319 = 1;
							while(1) {
								_t272 = _t271 + _t271;
								_t192 = _t216 & _t272;
								 *(_t351 + 0x20) = _t272;
								 *(_t351 + 0x18) =  *( *((intOrPtr*)(_t351 + 0x14)) + (_t192 + _t319 + _t216) * 2) & 0x0000ffff;
								if(_t291 >= 0x1000000) {
									goto L31;
								}
								_t279 =  *(_t351 + 0x28);
								if(_t279 >=  *(_t351 + 0x10)) {
									goto L2;
								} else {
									_t291 = _t291 << 8;
									_t321 = _t321 << 0x00000008 |  *_t279 & 0x000000ff;
									 *(_t351 + 0x28) =  &(_t279[1]);
									goto L31;
								}
								goto L113;
								L31:
								_t278 = (_t291 >> 0xb) *  *(_t351 + 0x18);
								if(_t321 >= _t278) {
									_t290 = _t291 - _t278;
									_t321 = _t321 - _t278;
									_t319 = _t319 + _t319 + 1;
								} else {
									_t290 = _t278;
									_t319 = _t319 + _t319;
									_t192 =  !_t192;
								}
								_t216 = _t216 & _t192;
								if(_t319 >= 0x100) {
									goto L19;
								} else {
									_t271 =  *(_t351 + 0x20);
									continue;
								}
                                                                                                                                                                    								goto L113;
                                                                                                                                                                    							}
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t281 = 1;
                                                                                                                                                                    							do {
                                                                                                                                                                    								_t320 =  *( *((intOrPtr*)(_t351 + 0x14)) + _t281 * 2) & 0x0000ffff;
                                                                                                                                                                    								if(_t291 >= 0x1000000) {
                                                                                                                                                                    									goto L15;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t197 =  *(_t351 + 0x28);
                                                                                                                                                                    									if(_t197 >=  *(_t351 + 0x10)) {
                                                                                                                                                                    										goto L2;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t291 = _t291 << 8;
                                                                                                                                                                    										_t321 = _t321 << 0x00000008 |  *_t197 & 0x000000ff;
                                                                                                                                                                    										 *(_t351 + 0x28) =  &(_t197[1]);
                                                                                                                                                                    										goto L15;
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L113;
                                                                                                                                                                    								L15:
                                                                                                                                                                    								_t196 = (_t291 >> 0xb) * _t320;
                                                                                                                                                                    								if(_t321 >= _t196) {
                                                                                                                                                                    									_t291 = _t291 - _t196;
                                                                                                                                                                    									_t321 = _t321 - _t196;
                                                                                                                                                                    									_t281 = _t281 + _t281 + 1;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t291 = _t196;
                                                                                                                                                                    									_t281 = _t281 + _t281;
                                                                                                                                                                    								}
                                                                                                                                                                    							} while (_t281 < 0x100);
                                                                                                                                                                    							L19:
                                                                                                                                                                    							 *(_t351 + 0x1c) = 1;
                                                                                                                                                                    							L20:
                                                                                                                                                                    							_t344 =  *(_t351 + 0x28);
                                                                                                                                                                    							L21:
                                                                                                                                                                    							if(_t290 >= 0x1000000 || _t344 <  *(_t351 + 0x10)) {
                                                                                                                                                                    								return  *(_t351 + 0x1c);
                                                                                                                                                                    							} else {
                                                                                                                                                                    								goto L2;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t199 =  *(_t351 + 0x28);
                                                                                                                                                                    					if(_t199 <  *(_t351 + 0x10)) {
                                                                                                                                                                    						_t283 = _t283 << 8;
                                                                                                                                                                    						_t321 = _t321 << 0x00000008 |  *_t199 & 0x000000ff;
                                                                                                                                                                    						 *(_t351 + 0x28) =  &(_t199[1]);
                                                                                                                                                                    						goto L4;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						L2:
                                                                                                                                                                    						return 0;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				L113:
                                                                                                                                                                    			}












































































                                                                                                                                                                    0x004126ce
                                                                                                                                                                    0x004126d0
                                                                                                                                                                    0x004126d8
                                                                                                                                                                    0x004126de
                                                                                                                                                                    0x00412838
                                                                                                                                                                    0x00412838
                                                                                                                                                                    0x00412841
                                                                                                                                                                    0x0041285d
                                                                                                                                                                    0x00412862
                                                                                                                                                                    0x00412865
                                                                                                                                                                    0x0041286b
                                                                                                                                                                    0x00412881
                                                                                                                                                                    0x00412885
                                                                                                                                                                    0x00412887
                                                                                                                                                                    0x0041288f
                                                                                                                                                                    0x004128ab
                                                                                                                                                                    0x004128b0
                                                                                                                                                                    0x004128b5
                                                                                                                                                                    0x004128cd
                                                                                                                                                                    0x004128cf
                                                                                                                                                                    0x004128d1
                                                                                                                                                                    0x004128d7
                                                                                                                                                                    0x004128dc
                                                                                                                                                                    0x004128b7
                                                                                                                                                                    0x004128b9
                                                                                                                                                                    0x004128be
                                                                                                                                                                    0x004128c0
                                                                                                                                                                    0x004128c7
                                                                                                                                                                    0x004128c7
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412891
                                                                                                                                                                    0x00412895
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0041289b
                                                                                                                                                                    0x004128a1
                                                                                                                                                                    0x004128a4
                                                                                                                                                                    0x004128a6
                                                                                                                                                                    0x004128a7
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004128a7
                                                                                                                                                                    0x00412895
                                                                                                                                                                    0x0041286d
                                                                                                                                                                    0x0041286f
                                                                                                                                                                    0x00412871
                                                                                                                                                                    0x00412875
                                                                                                                                                                    0x00412877
                                                                                                                                                                    0x004128e4
                                                                                                                                                                    0x004128e4
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004128f0
                                                                                                                                                                    0x004128f6
                                                                                                                                                                    0x00412912
                                                                                                                                                                    0x0041291b
                                                                                                                                                                    0x00412920
                                                                                                                                                                    0x00412928
                                                                                                                                                                    0x0041292a
                                                                                                                                                                    0x0041292c
                                                                                                                                                                    0x00412922
                                                                                                                                                                    0x00412922
                                                                                                                                                                    0x00412924
                                                                                                                                                                    0x00412924
                                                                                                                                                                    0x00412930
                                                                                                                                                                    0x00412936
                                                                                                                                                                    0x00412940
                                                                                                                                                                    0x00412947
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0041294d
                                                                                                                                                                    0x00412950
                                                                                                                                                                    0x00412952
                                                                                                                                                                    0x00412952
                                                                                                                                                                    0x00412957
                                                                                                                                                                    0x0041295b
                                                                                                                                                                    0x00412962
                                                                                                                                                                    0x00412962
                                                                                                                                                                    0x00412969
                                                                                                                                                                    0x00412970
                                                                                                                                                                    0x00412970
                                                                                                                                                                    0x0041297a
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0041297c
                                                                                                                                                                    0x00412980
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412986
                                                                                                                                                                    0x0041298d
                                                                                                                                                                    0x00412990
                                                                                                                                                                    0x00412992
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412992
                                                                                                                                                                    0x00412980
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412993
                                                                                                                                                                    0x00412998
                                                                                                                                                                    0x0041299d
                                                                                                                                                                    0x004129a5
                                                                                                                                                                    0x004129a7
                                                                                                                                                                    0x004129a9
                                                                                                                                                                    0x0041299f
                                                                                                                                                                    0x0041299f
                                                                                                                                                                    0x004129a1
                                                                                                                                                                    0x004129a1
                                                                                                                                                                    0x004129ad
                                                                                                                                                                    0x004129b2
                                                                                                                                                                    0x004129b8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004129be
                                                                                                                                                                    0x004129c2
                                                                                                                                                                    0x004129c6
                                                                                                                                                                    0x004129e5
                                                                                                                                                                    0x004129e9
                                                                                                                                                                    0x004129f0
                                                                                                                                                                    0x004129f6
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004129f8
                                                                                                                                                                    0x004129fa
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a00
                                                                                                                                                                    0x00412a07
                                                                                                                                                                    0x00412a0a
                                                                                                                                                                    0x00412a0c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a0c
                                                                                                                                                                    0x004129fa
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a0d
                                                                                                                                                                    0x00412a0d
                                                                                                                                                                    0x00412a19
                                                                                                                                                                    0x00412a1b
                                                                                                                                                                    0x00412a1b
                                                                                                                                                                    0x00412a28
                                                                                                                                                                    0x00412a2c
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004129c8
                                                                                                                                                                    0x004129df
                                                                                                                                                                    0x00412a31
                                                                                                                                                                    0x00412a31
                                                                                                                                                                    0x00412a40
                                                                                                                                                                    0x00412a44
                                                                                                                                                                    0x00412a4e
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a50
                                                                                                                                                                    0x00412a54
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a5a
                                                                                                                                                                    0x00412a61
                                                                                                                                                                    0x00412a64
                                                                                                                                                                    0x00412a66
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a66
                                                                                                                                                                    0x00412a54
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00412a67
                                                                                                                                                                    0x00412a6c
                                                                                                                                                                    0x00412a71
                                                                                                                                                                    0x00412a79
                                                                                                                                                                    0x00412a7b
                                                                                                                                                                    0x00412a7d
                                                                                                                                                                    0x00412a73
                                                                                                                                                                    0x00412a73
                                                                                                                                                                    0x00412a75

                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                                                    • Instruction ID: f7c307c9948f0502eef9bcc932476d7ce99f20ff48e31f419bd1d6f291c9dace
                                                                                                                                                                    • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                                                    • Instruction Fuzzy Hash: BD023A72A042114BC71DCE18C6902B9BBE2FBD5350F110A3FE496D7A84D7B8D8E5CB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00416076(signed int* _a4, intOrPtr* _a8, char _a11, signed int _a12, char _a15) {
                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                    				signed char _v12;
                                                                                                                                                                    				intOrPtr _v16;
                                                                                                                                                                    				intOrPtr _t186;
                                                                                                                                                                    				void* _t187;
                                                                                                                                                                    				signed int _t188;
                                                                                                                                                                    				signed int* _t189;
                                                                                                                                                                    				intOrPtr _t191;
                                                                                                                                                                    				signed int* _t192;
                                                                                                                                                                    				signed int* _t193;
                                                                                                                                                                    				signed char _t194;
                                                                                                                                                                    				intOrPtr _t195;
                                                                                                                                                                    				intOrPtr* _t196;
                                                                                                                                                                    				signed int _t199;
                                                                                                                                                                    				signed int _t202;
                                                                                                                                                                    				signed int _t207;
                                                                                                                                                                    				signed int _t209;
                                                                                                                                                                    				signed int _t218;
                                                                                                                                                                    				signed int _t221;
                                                                                                                                                                    				signed int* _t222;
                                                                                                                                                                    				signed int _t227;
                                                                                                                                                                    				intOrPtr _t228;
                                                                                                                                                                    				intOrPtr _t229;
                                                                                                                                                                    				intOrPtr _t230;
                                                                                                                                                                    				char _t233;
                                                                                                                                                                    				signed int _t234;
                                                                                                                                                                    				signed char _t235;
                                                                                                                                                                    				signed int* _t237;
                                                                                                                                                                    				signed int* _t239;
                                                                                                                                                                    				signed int* _t244;
                                                                                                                                                                    				signed int* _t245;
                                                                                                                                                                    				signed char _t250;
                                                                                                                                                                    				intOrPtr _t256;
                                                                                                                                                                    				signed int _t257;
                                                                                                                                                                    				char _t258;
                                                                                                                                                                    				char _t259;
                                                                                                                                                                    				signed char _t260;
                                                                                                                                                                    				signed int* _t262;
                                                                                                                                                                    				signed int* _t267;
                                                                                                                                                                    				signed int* _t268;
                                                                                                                                                                    				char* _t270;
                                                                                                                                                                    				signed int _t274;
                                                                                                                                                                    				unsigned int _t275;
                                                                                                                                                                    				intOrPtr _t277;
                                                                                                                                                                    				unsigned int _t278;
                                                                                                                                                                    				intOrPtr* _t280;
                                                                                                                                                                    				void* _t281;
                                                                                                                                                                    				signed char _t290;
                                                                                                                                                                    				signed int _t292;
                                                                                                                                                                    				signed char _t295;
                                                                                                                                                                    				signed int _t298;
                                                                                                                                                                    				signed int _t302;
                                                                                                                                                                    				signed int* _t304;
                                                                                                                                                                    
                                                                                                                                                                    				_t222 = _a4;
                                                                                                                                                                    				_t280 = _a8;
                                                                                                                                                                    				_t186 =  *((intOrPtr*)(_t222 + 0x10));
                                                                                                                                                                    				_t292 = _a12 + 0x00000017 & 0xfffffff0;
                                                                                                                                                                    				_t274 = _t280 -  *((intOrPtr*)(_t222 + 0xc)) >> 0xf;
                                                                                                                                                                    				_v16 = _t274 * 0x204 + _t186 + 0x144;
                                                                                                                                                                    				_t227 =  *((intOrPtr*)(_t280 - 4)) - 1;
                                                                                                                                                                    				_a12 = _t227;
                                                                                                                                                                    				_t194 =  *(_t227 + _t280 - 4);
                                                                                                                                                                    				_t281 = _t227 + _t280 - 4;
                                                                                                                                                                    				_v8 = _t194;
                                                                                                                                                                    				if(_t292 <= _t227) {
                                                                                                                                                                    					if(__eflags < 0) {
                                                                                                                                                                    						_t195 = _a8;
                                                                                                                                                                    						_a12 = _a12 - _t292;
                                                                                                                                                                    						_t228 = _t292 + 1;
                                                                                                                                                                    						 *((intOrPtr*)(_t195 - 4)) = _t228;
                                                                                                                                                                    						_t196 = _t195 + _t292 - 4;
                                                                                                                                                                    						_a8 = _t196;
                                                                                                                                                                    						_t295 = (_a12 >> 4) - 1;
                                                                                                                                                                    						 *((intOrPtr*)(_t196 - 4)) = _t228;
                                                                                                                                                                    						__eflags = _t295 - 0x3f;
                                                                                                                                                                    						if(_t295 > 0x3f) {
                                                                                                                                                                    							_t295 = 0x3f;
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags = _v8 & 0x00000001;
                                                                                                                                                                    						if((_v8 & 0x00000001) == 0) {
                                                                                                                                                                    							_t298 = (_v8 >> 4) - 1;
                                                                                                                                                                    							__eflags = _t298 - 0x3f;
                                                                                                                                                                    							if(_t298 > 0x3f) {
                                                                                                                                                                    								_t298 = 0x3f;
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags =  *((intOrPtr*)(_t281 + 4)) -  *((intOrPtr*)(_t281 + 8));
                                                                                                                                                                    							if( *((intOrPtr*)(_t281 + 4)) ==  *((intOrPtr*)(_t281 + 8))) {
                                                                                                                                                                    								__eflags = _t298 - 0x20;
                                                                                                                                                                    								if(_t298 >= 0x20) {
                                                                                                                                                                    									_t128 = _t298 - 0x20; // -32
                                                                                                                                                                    									_t130 = _t186 + 4; // 0x4
                                                                                                                                                                    									_t244 = _t298 + _t130;
                                                                                                                                                                    									_t199 =  !(0x80000000 >> _t128);
                                                                                                                                                                    									 *(_t186 + 0xc4 + _t274 * 4) =  *(_t186 + 0xc4 + _t274 * 4) & 0x80000000;
                                                                                                                                                                    									 *_t244 =  *_t244 - 1;
                                                                                                                                                                    									__eflags =  *_t244;
                                                                                                                                                                    									if( *_t244 == 0) {
                                                                                                                                                                    										_t245 = _a4;
                                                                                                                                                                    										_t138 = _t245 + 4;
                                                                                                                                                                    										 *_t138 =  *(_t245 + 4) & _t199;
                                                                                                                                                                    										__eflags =  *_t138;
                                                                                                                                                                    									}
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t304 = _t298 + _t186 + 4;
                                                                                                                                                                    									_t202 =  !(0x80000000 >> _t298);
                                                                                                                                                                    									 *(_t186 + 0x44 + _t274 * 4) =  *(_t186 + 0x44 + _t274 * 4) & 0x80000000;
                                                                                                                                                                    									 *_t304 =  *_t304 - 1;
                                                                                                                                                                    									__eflags =  *_t304;
                                                                                                                                                                    									if( *_t304 == 0) {
                                                                                                                                                                    										 *_a4 =  *_a4 & _t202;
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    								_t196 = _a8;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t281 + 8)) + 4)) =  *((intOrPtr*)(_t281 + 4));
                                                                                                                                                                    							 *((intOrPtr*)( *((intOrPtr*)(_t281 + 4)) + 8)) =  *((intOrPtr*)(_t281 + 8));
                                                                                                                                                                    							_t302 = _a12 + _v8;
                                                                                                                                                                    							_a12 = _t302;
                                                                                                                                                                    							_t295 = (_t302 >> 4) - 1;
                                                                                                                                                                    							__eflags = _t295 - 0x3f;
                                                                                                                                                                    							if(_t295 > 0x3f) {
                                                                                                                                                                    								_t295 = 0x3f;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    						_t229 = _v16;
                                                                                                                                                                    						_t230 = _t229 + _t295 * 8;
                                                                                                                                                                    						 *((intOrPtr*)(_t196 + 4)) =  *((intOrPtr*)(_t229 + 4 + _t295 * 8));
                                                                                                                                                                    						 *((intOrPtr*)(_t196 + 8)) = _t230;
                                                                                                                                                                    						 *((intOrPtr*)(_t230 + 4)) = _t196;
                                                                                                                                                                    						 *((intOrPtr*)( *((intOrPtr*)(_t196 + 4)) + 8)) = _t196;
                                                                                                                                                                    						__eflags =  *((intOrPtr*)(_t196 + 4)) -  *((intOrPtr*)(_t196 + 8));
                                                                                                                                                                    						if( *((intOrPtr*)(_t196 + 4)) ==  *((intOrPtr*)(_t196 + 8))) {
                                                                                                                                                                    							_t233 =  *(_t295 + _t186 + 4);
                                                                                                                                                                    							__eflags = _t295 - 0x20;
                                                                                                                                                                    							_a11 = _t233;
                                                                                                                                                                    							_t234 = _t233 + 1;
                                                                                                                                                                    							__eflags = _t234;
                                                                                                                                                                    							 *(_t295 + _t186 + 4) = _t234;
                                                                                                                                                                    							if(_t234 >= 0) {
                                                                                                                                                                    								__eflags = _a11;
                                                                                                                                                                    								if(_a11 == 0) {
                                                                                                                                                                    									_t237 = _a4;
                                                                                                                                                                    									_t176 = _t237 + 4;
                                                                                                                                                                    									 *_t176 =  *(_t237 + 4) | 0x80000000 >> _t295 - 0x00000020;
                                                                                                                                                                    									__eflags =  *_t176;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t189 = _t186 + 0xc4 + _t274 * 4;
                                                                                                                                                                    								_t235 = _t295 - 0x20;
                                                                                                                                                                    								_t275 = 0x80000000;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								__eflags = _a11;
                                                                                                                                                                    								if(_a11 == 0) {
                                                                                                                                                                    									_t239 = _a4;
                                                                                                                                                                    									 *_t239 =  *_t239 | 0x80000000 >> _t295;
                                                                                                                                                                    									__eflags =  *_t239;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t189 = _t186 + 0x44 + _t274 * 4;
                                                                                                                                                                    								_t275 = 0x80000000;
                                                                                                                                                                    								_t235 = _t295;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *_t189 =  *_t189 | _t275 >> _t235;
                                                                                                                                                                    							__eflags =  *_t189;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t188 = _a12;
                                                                                                                                                                    						 *_t196 = _t188;
                                                                                                                                                                    						 *((intOrPtr*)(_t188 + _t196 - 4)) = _t188;
                                                                                                                                                                    					}
                                                                                                                                                                    					L52:
                                                                                                                                                                    					_t187 = 1;
                                                                                                                                                                    					return _t187;
                                                                                                                                                                    				}
                                                                                                                                                                    				if((_t194 & 0x00000001) != 0 || _t292 > _t194 + _t227) {
                                                                                                                                                                    					return 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t250 = (_v8 >> 4) - 1;
                                                                                                                                                                    					_v12 = _t250;
                                                                                                                                                                    					if(_t250 > 0x3f) {
                                                                                                                                                                    						_t250 = 0x3f;
                                                                                                                                                                    						_v12 = _t250;
                                                                                                                                                                    					}
                                                                                                                                                                    					if( *((intOrPtr*)(_t281 + 4)) ==  *((intOrPtr*)(_t281 + 8))) {
                                                                                                                                                                    						if(_t250 >= 0x20) {
                                                                                                                                                                    							_t267 = _v12 + _t186 + 4;
                                                                                                                                                                    							_t218 =  !(0x80000000 >> _t250 + 0xffffffe0);
                                                                                                                                                                    							 *(_t186 + 0xc4 + _t274 * 4) =  *(_t186 + 0xc4 + _t274 * 4) & 0x80000000;
                                                                                                                                                                    							 *_t267 =  *_t267 - 1;
                                                                                                                                                                    							__eflags =  *_t267;
                                                                                                                                                                    							if( *_t267 == 0) {
                                                                                                                                                                    								_t268 = _a4;
                                                                                                                                                                    								_t44 = _t268 + 4;
                                                                                                                                                                    								 *_t44 =  *(_t268 + 4) & _t218;
                                                                                                                                                                    								__eflags =  *_t44;
                                                                                                                                                                    							}
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t270 = _v12 + _t186 + 4;
                                                                                                                                                                    							_t221 =  !(0x80000000 >> _t250);
                                                                                                                                                                    							 *(_t186 + 0x44 + _t274 * 4) =  *(_t186 + 0x44 + _t274 * 4) & 0x80000000;
                                                                                                                                                                    							 *_t270 =  *_t270 - 1;
                                                                                                                                                                    							if( *_t270 == 0) {
                                                                                                                                                                    								 *_a4 =  *_a4 & _t221;
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t281 + 8)) + 4)) =  *((intOrPtr*)(_t281 + 4));
                                                                                                                                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t281 + 4)) + 8)) =  *((intOrPtr*)(_t281 + 8));
                                                                                                                                                                    					_v8 = _v8 + _a12 - _t292;
                                                                                                                                                                    					if(_v8 <= 0) {
                                                                                                                                                                    						_t277 = _a8;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t290 = (_v8 >> 4) - 1;
                                                                                                                                                                    						_t256 = _a8 + _t292 - 4;
                                                                                                                                                                    						if(_t290 > 0x3f) {
                                                                                                                                                                    							_t290 = 0x3f;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t207 = _v16 + _t290 * 8;
                                                                                                                                                                    						_a12 = _t207;
                                                                                                                                                                    						 *((intOrPtr*)(_t256 + 4)) =  *((intOrPtr*)(_t207 + 4));
                                                                                                                                                                    						_t209 = _a12;
                                                                                                                                                                    						 *(_t256 + 8) = _t209;
                                                                                                                                                                    						 *((intOrPtr*)(_t209 + 4)) = _t256;
                                                                                                                                                                    						 *((intOrPtr*)( *((intOrPtr*)(_t256 + 4)) + 8)) = _t256;
                                                                                                                                                                    						if( *((intOrPtr*)(_t256 + 4)) ==  *(_t256 + 8)) {
                                                                                                                                                                    							_t258 =  *((intOrPtr*)(_t290 + _t186 + 4));
                                                                                                                                                                    							_a15 = _t258;
                                                                                                                                                                    							_t259 = _t258 + 1;
                                                                                                                                                                    							 *((char*)(_t290 + _t186 + 4)) = _t259;
                                                                                                                                                                    							if(_t259 >= 0) {
                                                                                                                                                                    								__eflags = _a15;
                                                                                                                                                                    								if(_a15 == 0) {
                                                                                                                                                                    									_t84 = _t290 - 0x20; // -33
                                                                                                                                                                    									_t262 = _a4;
                                                                                                                                                                    									_t86 = _t262 + 4;
                                                                                                                                                                    									 *_t86 =  *(_t262 + 4) | 0x80000000 >> _t84;
                                                                                                                                                                    									__eflags =  *_t86;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t193 = _t186 + 0xc4 + _t274 * 4;
                                                                                                                                                                    								_t91 = _t290 - 0x20; // -33
                                                                                                                                                                    								_t260 = _t91;
                                                                                                                                                                    								_t278 = 0x80000000;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								if(_a15 == 0) {
                                                                                                                                                                    									 *_a4 =  *_a4 | 0x80000000 >> _t290;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t193 = _t186 + 0x44 + _t274 * 4;
                                                                                                                                                                    								_t278 = 0x80000000;
                                                                                                                                                                    								_t260 = _t290;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *_t193 =  *_t193 | _t278 >> _t260;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t277 = _a8;
                                                                                                                                                                    						_t257 = _v8;
                                                                                                                                                                    						_t192 = _t277 + _t292 - 4;
                                                                                                                                                                    						 *_t192 = _t257;
                                                                                                                                                                    						 *(_t257 + _t192 - 4) = _t257;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t191 = _t292 + 1;
                                                                                                                                                                    					 *((intOrPtr*)(_t277 - 4)) = _t191;
                                                                                                                                                                    					 *((intOrPtr*)(_t277 + _t292 - 8)) = _t191;
                                                                                                                                                                    					goto L52;
                                                                                                                                                                    				}
                                                                                                                                                                    			}

                                                                                                                                                                    0x00416320
                                                                                                                                                                    0x00416323
                                                                                                                                                                    0x00416323
                                                                                                                                                                    0x00416323
                                                                                                                                                                    0x00416325
                                                                                                                                                                    0x00416329
                                                                                                                                                                    0x0041632e
                                                                                                                                                                    0x0041632e
                                                                                                                                                                    0x00416359
                                                                                                                                                                    0x00416359
                                                                                                                                                                    0x00416359
                                                                                                                                                                    0x0041635b
                                                                                                                                                                    0x0041635e
                                                                                                                                                                    0x00416360
                                                                                                                                                                    0x00416360
                                                                                                                                                                    0x00416364
                                                                                                                                                                    0x00416366
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00416366
                                                                                                                                                                    0x004160c8
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004160d8
                                                                                                                                                                    0x004160de
                                                                                                                                                                    0x004160e2
                                                                                                                                                                    0x004160e5
                                                                                                                                                                    0x004160e9
                                                                                                                                                                    0x004160ea
                                                                                                                                                                    0x004160ea
                                                                                                                                                                    0x004160f3
                                                                                                                                                                    0x004160f8
                                                                                                                                                                    0x00416126
                                                                                                                                                                    0x0041612a
                                                                                                                                                                    0x0041612c
                                                                                                                                                                    0x00416133
                                                                                                                                                                    0x00416133
                                                                                                                                                                    0x00416135
                                                                                                                                                                    0x00416137
                                                                                                                                                                    0x0041613a
                                                                                                                                                                    0x0041613a
                                                                                                                                                                    0x0041613a
                                                                                                                                                                    0x0041613a
                                                                                                                                                                    0x004160fa
                                                                                                                                                                    0x00416104
                                                                                                                                                                    0x00416108
                                                                                                                                                                    0x0041610a
                                                                                                                                                                    0x0041610e
                                                                                                                                                                    0x00416110
                                                                                                                                                                    0x00416115
                                                                                                                                                                    0x00416115
                                                                                                                                                                    0x00416110
                                                                                                                                                                    0x004160f8
                                                                                                                                                                    0x00416143
                                                                                                                                                                    0x0041614c
                                                                                                                                                                    0x00416154
                                                                                                                                                                    0x0041615b
                                                                                                                                                                    0x0041620b
                                                                                                                                                                    0x00416161
                                                                                                                                                                    0x0041616a
                                                                                                                                                                    0x0041616b
                                                                                                                                                                    0x00416172
                                                                                                                                                                    0x00416176
                                                                                                                                                                    0x00416176
                                                                                                                                                                    0x0041617a
                                                                                                                                                                    0x0041617d
                                                                                                                                                                    0x00416183
                                                                                                                                                                    0x00416186
                                                                                                                                                                    0x00416189
                                                                                                                                                                    0x0041618c
                                                                                                                                                                    0x00416192
                                                                                                                                                                    0x0041619b
                                                                                                                                                                    0x0041619d
                                                                                                                                                                    0x004161a4
                                                                                                                                                                    0x004161a7
                                                                                                                                                                    0x004161a9
                                                                                                                                                                    0x004161ad
                                                                                                                                                                    0x004161d0
                                                                                                                                                                    0x004161d4
                                                                                                                                                                    0x004161d6
                                                                                                                                                                    0x004161e0
                                                                                                                                                                    0x004161e3
                                                                                                                                                                    0x004161e3
                                                                                                                                                                    0x004161e3
                                                                                                                                                                    0x004161e3
                                                                                                                                                                    0x004161e6
                                                                                                                                                                    0x004161ed
                                                                                                                                                                    0x004161ed
                                                                                                                                                                    0x004161f0
                                                                                                                                                                    0x004161af
                                                                                                                                                                    0x004161b3
                                                                                                                                                                    0x004161c1
                                                                                                                                                                    0x004161c1
                                                                                                                                                                    0x004161c3
                                                                                                                                                                    0x004161c7
                                                                                                                                                                    0x004161cc
                                                                                                                                                                    0x004161cc
                                                                                                                                                                    0x004161f7
                                                                                                                                                                    0x004161f7
                                                                                                                                                                    0x004161f9
                                                                                                                                                                    0x004161fc
                                                                                                                                                                    0x004161ff
                                                                                                                                                                    0x00416203
                                                                                                                                                                    0x00416205
                                                                                                                                                                    0x00416205
                                                                                                                                                                    0x0041620e
                                                                                                                                                                    0x00416211
                                                                                                                                                                    0x00416214
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00416214

                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                                    • Instruction ID: 6f6e9ae2f3605818a2c8e7767e34e4a9399a597c595f09bc79f2493b2d2310b3
                                                                                                                                                                    • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                                    • Instruction Fuzzy Hash: 3EB17C7590120ADFDB15CF04C5D0AE9BBA1FF58318F25C1AEC85A4B382C735EA86CB94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004039C8() {
                                                                                                                                                                    				void* _t37;
                                                                                                                                                                    				signed int _t38;
                                                                                                                                                                    				signed int _t72;
                                                                                                                                                                    
                                                                                                                                                                    				_t72 = 0;
                                                                                                                                                                    				do {
                                                                                                                                                                    					 *(0x4236e0 + _t72 * 4) =  !((( !((( !((( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) 
>> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((( !((_t72 & 
0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ 
_t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 
0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ 
_t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 
0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ 
_t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t72 & 0x00000001) - 1) & 0xedb88320 ^ _t72 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001;
                                                                                                                                                                    					_t72 = _t72 + 1;
                                                                                                                                                                    				} while (_t72 < 0x100);
                                                                                                                                                                    				while(_t72 < 0x800) {
                                                                                                                                                                    					_t38 =  *(0x4232e0 + _t72 * 4);
                                                                                                                                                                    					_t72 = _t72 + 1;
                                                                                                                                                                    					 *(0x4236dc + _t72 * 4) = _t38 >> 0x00000008 ^  *(0x4236e0 + (_t38 & 0x000000ff) * 4);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *0x42335c = 0x418da0;
                                                                                                                                                                    				_t37 = E004111F0();
                                                                                                                                                                    				if(_t37 == 0) {
                                                                                                                                                                    					 *0x42335c = 0x418cc0;
                                                                                                                                                                    					return _t37;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t37;
                                                                                                                                                                    			}







                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
                                                                                                                                                                    • Instruction ID: 7f21fa5966f3e8744179bfb474c2758024c7c669c00a9d4920a80f5d7b425c19
                                                                                                                                                                    • Opcode Fuzzy Hash: 8b1b8b3e4e9aa519cc0883e8f2e9399227ae21cf5f78173f93e12a8e0ced7762
                                                                                                                                                                    • Instruction Fuzzy Hash: D621427E370D0607A71C8B6AAD336B921D1E38430A7C8A03DE64BC53C1EE6DD595C60D
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00418CC1(signed char __ecx, signed int __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                    				signed char _t42;
                                                                                                                                                                    				signed int _t44;
                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                    				signed int _t51;
                                                                                                                                                                    				unsigned int _t59;
                                                                                                                                                                    				signed char _t60;
                                                                                                                                                                    				signed int _t62;
                                                                                                                                                                    				void* _t63;
                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                    				intOrPtr _t67;
                                                                                                                                                                    				signed int _t69;
                                                                                                                                                                    				signed int _t73;
                                                                                                                                                                    				signed int _t83;
                                                                                                                                                                    				intOrPtr _t86;
                                                                                                                                                                    
                                                                                                                                                                    				_t62 = __edx;
                                                                                                                                                                    				_t42 = __ecx;
                                                                                                                                                                    				_t65 = _a8;
                                                                                                                                                                    				_t86 = _a12;
                                                                                                                                                                    				if(_t65 != 0) {
                                                                                                                                                                    					while((_t62 & 0x00000007) != 0) {
                                                                                                                                                                    						_t83 =  *_t62 & 0x000000ff;
                                                                                                                                                                    						_t62 = _t62 + 1;
                                                                                                                                                                    						_t42 = _t42 >> 0x00000008 ^  *(_t86 + (_t83 ^ _t42 & 0x000000ff) * 4);
                                                                                                                                                                    						_t65 = _t65 - 1;
                                                                                                                                                                    						if(_t65 != 0) {
                                                                                                                                                                    							continue;
                                                                                                                                                                    						}
                                                                                                                                                                    						break;
                                                                                                                                                                    					}
                                                                                                                                                                    					if(_t65 >= 0x10) {
                                                                                                                                                                    						_t67 = _t65 + _t62;
                                                                                                                                                                    						_a8 = _t67;
                                                                                                                                                                    						_t69 = _t67 - 0x00000008 & 0xfffffff8;
                                                                                                                                                                    						_t63 = _t62 - _t69;
                                                                                                                                                                    						_t44 = _t42 ^  *(_t63 + _t69);
                                                                                                                                                                    						_t59 =  *(_t63 + _t69 + 4);
                                                                                                                                                                    						do {
                                                                                                                                                                    							_t50 = _t59 & 0x000000ff;
                                                                                                                                                                    							_t51 = _t59 & 0x000000ff;
                                                                                                                                                                    							_t60 = _t59 >> 0x10;
                                                                                                                                                                    							_t59 =  *(_t63 + _t69 + 0xc);
                                                                                                                                                                    							_t44 =  *(_t86 + 0x1000 + (_t44 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t63 + _t69 + 8) ^  *(_t86 + 0xc00 + _t50 * 4) ^  *(_t86 + 0x800 + _t51 * 4) ^  *(_t86 + 0x400 + (_t60 & 0x000000ff) * 4) ^  *(_t86 + (_t60 & 0x000000ff) * 4) ^  *(_t86 + 0x1c00 + (_t44 & 0x000000ff) * 4) ^  *(_t86 + 0x1800 + (_t44 & 0x000000ff) * 4) ^  *(_t86 + 0x1400 + (_t44 >> 0x00000010 & 0x000000ff) * 4);
                                                                                                                                                                    							_t63 = _t63 + 8;
                                                                                                                                                                    						} while (_t63 != 0);
                                                                                                                                                                    						_t42 = _t44 ^  *(_t63 + _t69);
                                                                                                                                                                    						_t62 = _t69;
                                                                                                                                                                    						_t65 = _a8 - _t62;
                                                                                                                                                                    						L7:
                                                                                                                                                                    						while(_t65 != 0) {
                                                                                                                                                                    							_t73 =  *_t62 & 0x000000ff;
                                                                                                                                                                    							_t62 = _t62 + 1;
                                                                                                                                                                    							_t42 = _t42 >> 0x00000008 ^  *(_t86 + (_t73 ^ _t42 & 0x000000ff) * 4);
                                                                                                                                                                    							_t65 = _t65 - 1;
                                                                                                                                                                    						}
                                                                                                                                                                    						return _t42;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				goto L7;
                                                                                                                                                                    			}


















                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
• Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                                                                                                                                                    • Instruction ID: 99a347de7b16eca0cbeab8721e5afb4e5ad46217b84f2e64c48f172e38bf97ef
                                                                                                                                                                    • Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                                                                                                                                                    • Instruction Fuzzy Hash: 2B21C83290062547C702DE6DF4845A7F391FBD4369F134727ED8467291C629A854D6E0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00418D9B(signed char __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                    				signed char _t39;
                                                                                                                                                                    				signed int _t41;
                                                                                                                                                                    				signed int _t63;
                                                                                                                                                                    				void* _t64;
                                                                                                                                                                    				intOrPtr _t65;
                                                                                                                                                                    				intOrPtr _t66;
                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                    				signed int _t70;
                                                                                                                                                                    				signed int _t74;
                                                                                                                                                                    				intOrPtr _t76;
                                                                                                                                                                    
                                                                                                                                                                    				_t63 = __edx;
                                                                                                                                                                    				_t39 = __ecx;
                                                                                                                                                                    				_t65 = _a4;
                                                                                                                                                                    				_t76 = _a8;
                                                                                                                                                                    				if(_t65 != 0) {
                                                                                                                                                                    					while((_t63 & 0x00000007) != 0) {
                                                                                                                                                                    						_t74 =  *_t63 & 0x000000ff;
                                                                                                                                                                    						_t63 = _t63 + 1;
                                                                                                                                                                    						_t39 = _t39 >> 0x00000008 ^  *(_t76 + (_t74 ^ _t39 & 0x000000ff) * 4);
                                                                                                                                                                    						_t65 = _t65 - 1;
                                                                                                                                                                    						if(_t65 != 0) {
                                                                                                                                                                    							continue;
                                                                                                                                                                    						}
                                                                                                                                                                    						break;
                                                                                                                                                                    					}
                                                                                                                                                                    					if(_t65 >= 0x10) {
                                                                                                                                                                    						_t66 = _t65 + _t63;
                                                                                                                                                                    						_a4 = _t66;
                                                                                                                                                                    						_t68 = _t66 - 0x00000008 & 0xfffffff8;
                                                                                                                                                                    						_t64 = _t63 - _t68;
                                                                                                                                                                    						_t41 = _t39 ^  *(_t64 + _t68);
                                                                                                                                                                    						do {
                                                                                                                                                                    							_t41 =  *(_t76 + 0xc00 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) & 0x000000ff) * 4) ^  *(_t64 + _t68 + 8) ^  *(_t76 + 0x800 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) & 0x000000ff) * 4) ^  *(_t76 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (( *(_t76 + 0xc00 + (_t41 & 0x000000ff) * 4) ^  *(_t64 + _t68 + 4) ^  *(_t76 + 0x800 + (_t41 & 0x000000ff) * 4) ^  *(_t76 + (_t41 >> 0x00000010 & 0x000000ff) * 4) ^  *(_t76 + 0x400 + (_t41 >> 0x00000010 & 0x000000ff) * 4)) >> 0x00000010 & 0x000000ff) * 4);
                                                                                                                                                                    							_t64 = _t64 + 8;
                                                                                                                                                                    						} while (_t64 != 0);
                                                                                                                                                                    						_t39 = _t41 ^  *(_t64 + _t68);
                                                                                                                                                                    						_t63 = _t68;
                                                                                                                                                                    						_t65 = _a4 - _t63;
                                                                                                                                                                    						L8:
                                                                                                                                                                    						while(_t65 != 0) {
                                                                                                                                                                    							_t70 =  *_t63 & 0x000000ff;
                                                                                                                                                                    							_t63 = _t63 + 1;
                                                                                                                                                                    							_t39 = _t39 >> 0x00000008 ^  *(_t76 + (_t70 ^ _t39 & 0x000000ff) * 4);
                                                                                                                                                                    							_t65 = _t65 - 1;
                                                                                                                                                                    						}
                                                                                                                                                                    						return _t39;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				goto L8;
                                                                                                                                                                    			}














                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
• Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
• Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
• Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                                                                                                                    • Instruction ID: 71e75c779d64757812c6fa0593de5e91038406040dd0a6985e9d44633d38c26d
                                                                                                                                                                    • Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                                                                                                                    • Instruction Fuzzy Hash: BC2137725105258BC701DF2DF4886B7B3E1FFD4319F638A3BD8818B1C1CA29D881D694
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                                    			E004185ED(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, char _a32) {
                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                    				short* _v28;
                                                                                                                                                                    				int _v32;
                                                                                                                                                                    				short* _v36;
                                                                                                                                                                    				short* _v40;
                                                                                                                                                                    				int _v44;
                                                                                                                                                                    				void* _v60;
                                                                                                                                                                    				int _t61;
                                                                                                                                                                    				int _t62;
                                                                                                                                                                    				int _t82;
                                                                                                                                                                    				int _t83;
                                                                                                                                                                    				int _t88;
                                                                                                                                                                    				short* _t89;
                                                                                                                                                                    				int _t90;
                                                                                                                                                                    				void* _t91;
                                                                                                                                                                    				int _t99;
                                                                                                                                                                    				intOrPtr _t101;
                                                                                                                                                                    				short* _t102;
                                                                                                                                                                    				int _t104;
                                                                                                                                                                    
                                                                                                                                                                    				_push(0xffffffff);
                                                                                                                                                                    				_push(0x41be08);
                                                                                                                                                                    				_push(E004147FC);
                                                                                                                                                                    				_push( *[fs:0x0]);
                                                                                                                                                                    				 *[fs:0x0] = _t101;
                                                                                                                                                                    				_t102 = _t101 - 0x1c;
                                                                                                                                                                    				_v28 = _t102;
                                                                                                                                                                    				_t104 =  *0x423574; // 0x1
                                                                                                                                                                    				if(_t104 != 0) {
                                                                                                                                                                    					L5:
                                                                                                                                                                    					if(_a16 > 0) {
                                                                                                                                                                    						_t83 = E00418811(_a12, _a16);
                                                                                                                                                                    						_pop(_t91);
                                                                                                                                                                    						_a16 = _t83;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t61 =  *0x423574; // 0x1
                                                                                                                                                                    					if(_t61 != 2) {
                                                                                                                                                                    						if(_t61 != 1) {
                                                                                                                                                                    							goto L21;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							if(_a28 == 0) {
                                                                                                                                                                    								_t82 =  *0x42356c; // 0x0
                                                                                                                                                                    								_a28 = _t82;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t16 =  &_a32; // 0x4256e4
                                                                                                                                                                    							asm("sbb eax, eax");
                                                                                                                                                                    							_t88 = MultiByteToWideChar(_a28, ( ~( *_t16) & 0x00000008) + 1, _a12, _a16, 0, 0);
                                                                                                                                                                    							_v32 = _t88;
                                                                                                                                                                    							if(_t88 == 0) {
                                                                                                                                                                    								goto L21;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_v8 = 0;
                                                                                                                                                                    								E00413A90(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
                                                                                                                                                                    								_v28 = _t102;
                                                                                                                                                                    								_v40 = _t102;
                                                                                                                                                                    								_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
                                                                                                                                                                    									goto L21;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
                                                                                                                                                                    									_v44 = _t99;
                                                                                                                                                                    									if(_t99 == 0) {
                                                                                                                                                                    										goto L21;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										if((_a9 & 0x00000004) == 0) {
                                                                                                                                                                    											_v8 = 1;
                                                                                                                                                                    											E00413A90(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
                                                                                                                                                                    											_v28 = _t102;
                                                                                                                                                                    											_t89 = _t102;
                                                                                                                                                                    											_v36 = _t89;
                                                                                                                                                                    											_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
                                                                                                                                                                    												goto L21;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_push(0);
                                                                                                                                                                    												_push(0);
                                                                                                                                                                    												if(_a24 != 0) {
                                                                                                                                                                    													_push(_a24);
                                                                                                                                                                    													_push(_a20);
                                                                                                                                                                    												} else {
                                                                                                                                                                    													_push(0);
                                                                                                                                                                    													_push(0);
                                                                                                                                                                    												}
                                                                                                                                                                    												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
                                                                                                                                                                    												if(_t99 == 0) {
                                                                                                                                                                    													goto L21;
                                                                                                                                                                    												} else {
                                                                                                                                                                    													goto L30;
                                                                                                                                                                    												}
                                                                                                                                                                    											}
                                                                                                                                                                    										} else {
                                                                                                                                                                    											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
                                                                                                                                                                    												L30:
                                                                                                                                                                    												_t62 = _t99;
                                                                                                                                                                    											} else {
                                                                                                                                                                    												goto L21;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_push(0);
                                                                                                                                                                    					_push(0);
                                                                                                                                                                    					_t90 = 1;
                                                                                                                                                                    					if(LCMapStringW(0, 0x100, 0x41be00, _t90, ??, ??) == 0) {
                                                                                                                                                                    						if(LCMapStringA(0, 0x100, 0x41bdfc, _t90, 0, 0) == 0) {
                                                                                                                                                                    							L21:
                                                                                                                                                                    							_t62 = 0;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							 *0x423574 = 2;
                                                                                                                                                                    							goto L5;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						 *0x423574 = _t90;
                                                                                                                                                                    						goto L5;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] = _v20;
                                                                                                                                                                    				return _t62;
                                                                                                                                                                    			}























                                                                                                                                                                    0x0041879e
                                                                                                                                                                    0x004187a3
                                                                                                                                                                    0x004187a6
                                                                                                                                                                    0x004187a8
                                                                                                                                                                    0x004187ab
                                                                                                                                                                    0x004187c5
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004187df
                                                                                                                                                                    0x004187e2
                                                                                                                                                                    0x004187e3
                                                                                                                                                                    0x004187e4
                                                                                                                                                                    0x004187ea
                                                                                                                                                                    0x004187ed
                                                                                                                                                                    0x004187e6
                                                                                                                                                                    0x004187e6
                                                                                                                                                                    0x004187e7
                                                                                                                                                                    0x004187e7
                                                                                                                                                                    0x00418800
                                                                                                                                                                    0x00418804
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00418804
                                                                                                                                                                    0x0041874f
                                                                                                                                                                    0x00418752
                                                                                                                                                                    0x0041880a
                                                                                                                                                                    0x0041880a
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00418752
                                                                                                                                                                    0x0041874d
                                                                                                                                                                    0x00418747
                                                                                                                                                                    0x00418713
                                                                                                                                                                    0x004186d9
                                                                                                                                                                    0x00418682
                                                                                                                                                                    0x00418694
                                                                                                                                                                    0x00418694
                                                                                                                                                                    0x0041861d
                                                                                                                                                                    0x0041861d
                                                                                                                                                                    0x0041861e
                                                                                                                                                                    0x00418621
                                                                                                                                                                    0x00418637
                                                                                                                                                                    0x00418653
                                                                                                                                                                    0x0041877b
                                                                                                                                                                    0x0041877b
                                                                                                                                                                    0x00418659
                                                                                                                                                                    0x00418659
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00418659
                                                                                                                                                                    0x00418639
                                                                                                                                                                    0x00418639
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00418639
                                                                                                                                                                    0x00418637
                                                                                                                                                                    0x00418783
                                                                                                                                                                    0x0041878e

                                                                                                                                                                    APIs
                                                                                                                                                                    • LCMapStringW.KERNEL32(00000000,00000100,0041BE00,00000001,00000000,00000000,74B070F0,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 0041862F
                                                                                                                                                                    • LCMapStringA.KERNEL32(00000000,00000100,0041BDFC,00000001,00000000,00000000,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041864B
                                                                                                                                                                    • LCMapStringA.KERNEL32(?,?,?,0041848E,?,?,74B070F0,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 00418694
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,VB,?,0041848E,00000000,00000000,74B070F0,004256E4,?,?,?,0041848E,?,?,?,00000000), ref: 004186CC
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,0041848E,?,00000000,?,?,0041848E,?), ref: 00418724
                                                                                                                                                                    • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0041848E,?), ref: 0041873A
                                                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,0041848E,?), ref: 0041876D
                                                                                                                                                                    • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,0041848E,?), ref: 004187D5
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String$ByteCharMultiWide
                                                                                                                                                                    • String ID: VB
                                                                                                                                                                    • API String ID: 352835431-2416070386
                                                                                                                                                                    • Opcode ID: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
                                                                                                                                                                    • Instruction ID: 75fdc42d4ca3b2d5695a32d80f34dcfea13c9c9e1b2be43f5f9a41df7731755a
                                                                                                                                                                    • Opcode Fuzzy Hash: 003663a998c404720e509784b904756e9dc21287fecc91c3ae78f0538cf30181
                                                                                                                                                                    • Instruction Fuzzy Hash: A6515F31900609EFCF218F65CC45EEF7FB5FB48754F20412AF925A12A0D7398991DBA9
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004172DF() {
                                                                                                                                                                    				int _v4;
                                                                                                                                                                    				int _v8;
                                                                                                                                                                    				intOrPtr _t7;
                                                                                                                                                                    				CHAR* _t9;
                                                                                                                                                                    				WCHAR* _t17;
                                                                                                                                                                    				int _t20;
                                                                                                                                                                    				char* _t24;
                                                                                                                                                                    				int _t32;
                                                                                                                                                                    				CHAR* _t36;
                                                                                                                                                                    				WCHAR* _t38;
                                                                                                                                                                    				void* _t39;
                                                                                                                                                                    				int _t42;
                                                                                                                                                                    
                                                                                                                                                                    				_t7 =  *0x423528; // 0x1
                                                                                                                                                                    				_t32 = 0;
                                                                                                                                                                    				_t38 = 0;
                                                                                                                                                                    				_t36 = 0;
                                                                                                                                                                    				if(_t7 != 0) {
                                                                                                                                                                    					if(_t7 != 1) {
                                                                                                                                                                    						if(_t7 != 2) {
                                                                                                                                                                    							L27:
                                                                                                                                                                    							return 0;
                                                                                                                                                                    						}
                                                                                                                                                                    						L18:
                                                                                                                                                                    						if(_t36 != _t32) {
                                                                                                                                                                    							L20:
                                                                                                                                                                    							_t9 = _t36;
                                                                                                                                                                    							if( *_t36 == _t32) {
                                                                                                                                                                    								L23:
                                                                                                                                                                    								_t41 = _t9 - _t36 + 1;
                                                                                                                                                                    								_t39 = E00413C35(_t9 - _t36 + 1);
                                                                                                                                                                    								if(_t39 != _t32) {
                                                                                                                                                                    									E00413E60(_t39, _t36, _t41);
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t39 = 0;
                                                                                                                                                                    								}
                                                                                                                                                                    								FreeEnvironmentStringsA(_t36);
                                                                                                                                                                    								return _t39;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								goto L21;
                                                                                                                                                                    							}
                                                                                                                                                                    							do {
                                                                                                                                                                    								do {
                                                                                                                                                                    									L21:
                                                                                                                                                                    									_t9 =  &(_t9[1]);
                                                                                                                                                                    								} while ( *_t9 != _t32);
                                                                                                                                                                    								_t9 =  &(_t9[1]);
                                                                                                                                                                    							} while ( *_t9 != _t32);
                                                                                                                                                                    							goto L23;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t36 = GetEnvironmentStrings();
                                                                                                                                                                    						if(_t36 == _t32) {
                                                                                                                                                                    							goto L27;
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L20;
                                                                                                                                                                    					}
                                                                                                                                                                    					L6:
                                                                                                                                                                    					if(_t38 != _t32) {
                                                                                                                                                                    						L8:
                                                                                                                                                                    						_t17 = _t38;
                                                                                                                                                                    						if( *_t38 == _t32) {
                                                                                                                                                                    							L11:
                                                                                                                                                                    							_t20 = (_t17 - _t38 >> 1) + 1;
                                                                                                                                                                    							_v4 = _t20;
                                                                                                                                                                    							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
                                                                                                                                                                    							if(_t42 != _t32) {
                                                                                                                                                                    								_t24 = E00413C35(_t42);
                                                                                                                                                                    								_v8 = _t24;
                                                                                                                                                                    								if(_t24 != _t32) {
                                                                                                                                                                    									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
                                                                                                                                                                    										_t4 =  &_v8; // 0x41496a
                                                                                                                                                                    										E00413D6F( *_t4);
                                                                                                                                                                    										_v8 = _t32;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t6 =  &_v8; // 0x41496a
                                                                                                                                                                    									_t32 =  *_t6;
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    							FreeEnvironmentStringsW(_t38);
                                                                                                                                                                    							return _t32;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L9;
                                                                                                                                                                    						}
                                                                                                                                                                    						do {
                                                                                                                                                                    							do {
                                                                                                                                                                    								L9:
                                                                                                                                                                    								_t17 =  &(_t17[1]);
                                                                                                                                                                    							} while ( *_t17 != _t32);
                                                                                                                                                                    							_t17 =  &(_t17[1]);
                                                                                                                                                                    						} while ( *_t17 != _t32);
                                                                                                                                                                    						goto L11;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t38 = GetEnvironmentStringsW();
                                                                                                                                                                    					if(_t38 == _t32) {
                                                                                                                                                                    						goto L27;
                                                                                                                                                                    					}
                                                                                                                                                                    					goto L8;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t38 = GetEnvironmentStringsW();
                                                                                                                                                                    				if(_t38 == 0) {
                                                                                                                                                                    					_t36 = GetEnvironmentStrings();
                                                                                                                                                                    					if(_t36 == 0) {
                                                                                                                                                                    						goto L27;
                                                                                                                                                                    					}
                                                                                                                                                                    					 *0x423528 = 2;
                                                                                                                                                                    					goto L18;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *0x423528 = 1;
                                                                                                                                                                    				goto L6;
                                                                                                                                                                    			}
















                                                                                                                                                                    APIs
                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004172FA
                                                                                                                                                                    • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041730E
                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 0041733A
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417372
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0041496A), ref: 00417394
                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,0041496A), ref: 004173AD
                                                                                                                                                                    • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0041496A), ref: 004173C0
                                                                                                                                                                    • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004173FE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                                                    • String ID: jIA
                                                                                                                                                                    • API String ID: 1823725401-2590053038
                                                                                                                                                                    • Opcode ID: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
                                                                                                                                                                    • Instruction ID: 8edd1d2af646b02ed721f394ba4169bf36ee68eca66066dd640126c456dfff16
                                                                                                                                                                    • Opcode Fuzzy Hash: dcd9eacb03994a91aa73d6441958e3731b9086dbddb026e1bfa459d91ea586b1
                                                                                                                                                                    • Instruction Fuzzy Hash: 7631D47250C219AFD7317F689C888FB7ABCE649354715053BFD66C3201E6288CC1E2AD
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                                    			E00417606(void* __edi, long _a4) {
                                                                                                                                                                    				char _v164;
                                                                                                                                                                    				char _v424;
                                                                                                                                                                    				int _t17;
                                                                                                                                                                    				long _t19;
                                                                                                                                                                    				signed int _t42;
                                                                                                                                                                    				long _t47;
                                                                                                                                                                    				void* _t48;
                                                                                                                                                                    				signed int _t54;
                                                                                                                                                                    				void** _t56;
                                                                                                                                                                    				void* _t57;
                                                                                                                                                                    
                                                                                                                                                                    				_t48 = __edi;
                                                                                                                                                                    				_t47 = _a4;
                                                                                                                                                                    				_t42 = 0;
                                                                                                                                                                    				_t17 = 0x422a78;
                                                                                                                                                                    				while(_t47 !=  *_t17) {
                                                                                                                                                                    					_t17 = _t17 + 8;
                                                                                                                                                                    					_t42 = _t42 + 1;
                                                                                                                                                                    					if(_t17 < 0x422b08) {
                                                                                                                                                                    						continue;
                                                                                                                                                                    					}
                                                                                                                                                                    					break;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t54 = _t42 << 3;
                                                                                                                                                                    				_t2 = _t54 + 0x422a78; // 0x34000000
                                                                                                                                                                    				if(_t47 ==  *_t2) {
                                                                                                                                                                    					_t17 =  *0x423368; // 0x0
                                                                                                                                                                    					if(_t17 == 1 || _t17 == 0 &&  *0x420754 == 1) {
                                                                                                                                                                    						_t16 = _t54 + 0x422a7c; // 0x41bd34
                                                                                                                                                                    						_t56 = _t16;
                                                                                                                                                                    						_t19 = E004142A0( *_t56);
                                                                                                                                                                    						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
                                                                                                                                                                    					} else {
                                                                                                                                                                    						if(_t47 != 0xfc) {
                                                                                                                                                                    							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
                                                                                                                                                                    								E00418000( &_v424, "<program name unknown>");
                                                                                                                                                                    							}
                                                                                                                                                                    							_push(_t48);
                                                                                                                                                                    							_t49 =  &_v424;
                                                                                                                                                                    							if(E004142A0( &_v424) + 1 > 0x3c) {
                                                                                                                                                                    								_t49 = E004142A0( &_v424) +  &_v424 - 0x3b;
                                                                                                                                                                    								E00418180(E004142A0( &_v424) +  &_v424 - 0x3b, "...", 3);
                                                                                                                                                                    								_t57 = _t57 + 0x10;
                                                                                                                                                                    							}
                                                                                                                                                                    							E00418000( &_v164, "Runtime Error!\n\nProgram: ");
                                                                                                                                                                    							E00418010( &_v164, _t49);
                                                                                                                                                                    							E00418010( &_v164, "\n\n");
                                                                                                                                                                    							_t12 = _t54 + 0x422a7c; // 0x41bd34
                                                                                                                                                                    							E00418010( &_v164,  *_t12);
                                                                                                                                                                    							_t17 = E004180F0( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t17;
                                                                                                                                                                    			}














                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00417673
                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4,0041BD34,00000000,00000000,00000000,?), ref: 00417749
                                                                                                                                                                    • WriteFile.KERNEL32(00000000), ref: 00417750
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$HandleModuleNameWrite
                                                                                                                                                                    • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $x*B
                                                                                                                                                                    • API String ID: 3784150691-2083536112
                                                                                                                                                                    • Opcode ID: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
                                                                                                                                                                    • Instruction ID: d3223577c50248063a34d8f4d7298abe086d5d3d0ee639c6b3bd3f24b9ad2996
                                                                                                                                                                    • Opcode Fuzzy Hash: 9f3ee68eedca8c04870b7c4ba6519361572a149120d3a6d5458ca0bba870cf42
                                                                                                                                                                    • Instruction Fuzzy Hash: 5931D2726002186FDF20DA60DD46FDA377DEF89304F5005ABF544D6181EB78AAC48B5D
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                                    			E0041883C(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, char _a28) {
                                                                                                                                                                    				int _v8;
                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                    				short* _v28;
                                                                                                                                                                    				short _v32;
                                                                                                                                                                    				int _v36;
                                                                                                                                                                    				short* _v40;
                                                                                                                                                                    				void* _v56;
                                                                                                                                                                    				int _t31;
                                                                                                                                                                    				int _t32;
                                                                                                                                                                    				int _t37;
                                                                                                                                                                    				int _t43;
                                                                                                                                                                    				int _t44;
                                                                                                                                                                    				int _t45;
                                                                                                                                                                    				void* _t53;
                                                                                                                                                                    				short* _t60;
                                                                                                                                                                    				int _t61;
                                                                                                                                                                    				intOrPtr _t62;
                                                                                                                                                                    				short* _t63;
                                                                                                                                                                    
                                                                                                                                                                    				_push(0xffffffff);
                                                                                                                                                                    				_push(0x41be20);
                                                                                                                                                                    				_push(E004147FC);
                                                                                                                                                                    				_push( *[fs:0x0]);
                                                                                                                                                                    				 *[fs:0x0] = _t62;
                                                                                                                                                                    				_t63 = _t62 - 0x18;
                                                                                                                                                                    				_v28 = _t63;
                                                                                                                                                                    				_t31 =  *0x423578; // 0x1
                                                                                                                                                                    				if(_t31 != 0) {
                                                                                                                                                                    					L6:
                                                                                                                                                                    					if(_t31 != 2) {
                                                                                                                                                                    						if(_t31 != 1) {
                                                                                                                                                                    							goto L18;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							if(_a20 == 0) {
                                                                                                                                                                    								_t44 =  *0x42356c; // 0x0
                                                                                                                                                                    								_a20 = _t44;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t13 =  &_a28; // 0x4256e4
                                                                                                                                                                    							asm("sbb eax, eax");
                                                                                                                                                                    							_t37 = MultiByteToWideChar(_a20, ( ~( *_t13) & 0x00000008) + 1, _a8, _a12, 0, 0);
                                                                                                                                                                    							_v36 = _t37;
                                                                                                                                                                    							if(_t37 == 0) {
                                                                                                                                                                    								goto L18;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								_v8 = 0;
                                                                                                                                                                    								E00413A90(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
                                                                                                                                                                    								_v28 = _t63;
                                                                                                                                                                    								_t60 = _t63;
                                                                                                                                                                    								_v40 = _t60;
                                                                                                                                                                    								E00417B70(_t60, 0, _t37 + _t37);
                                                                                                                                                                    								_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    								if(_t60 == 0) {
                                                                                                                                                                    									goto L18;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
                                                                                                                                                                    									if(_t43 == 0) {
                                                                                                                                                                    										goto L18;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
                                                                                                                                                                    									}
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t45 = _a24;
                                                                                                                                                                    						if(_t45 == 0) {
                                                                                                                                                                    							_t45 =  *0x42355c; // 0x0
                                                                                                                                                                    						}
                                                                                                                                                                    						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_push( &_v32);
                                                                                                                                                                    					_t61 = 1;
                                                                                                                                                                    					if(GetStringTypeW(_t61, 0x41be00, _t61, ??) == 0) {
                                                                                                                                                                    						if(GetStringTypeA(0, _t61, 0x41bdfc, _t61,  &_v32) == 0) {
                                                                                                                                                                    							L18:
                                                                                                                                                                    							_t32 = 0;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t31 = 2;
                                                                                                                                                                    							goto L5;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t31 = _t61;
                                                                                                                                                                    						L5:
                                                                                                                                                                    						 *0x423578 = _t31;
                                                                                                                                                                    						goto L6;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				 *[fs:0x0] = _v20;
                                                                                                                                                                    				return _t32;
                                                                                                                                                                    			}






















                                                                                                                                                                    APIs
                                                                                                                                                                    • GetStringTypeW.KERNEL32(00000001,0041BE00,00000001,?,74B070F0,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 0041887B
                                                                                                                                                                    • GetStringTypeA.KERNEL32(00000000,00000001,0041BDFC,00000001,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418895
                                                                                                                                                                    • GetStringTypeA.KERNEL32(?,?,?,?,0041848E,74B070F0,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 004188C9
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,VB,?,?,00000000,00000000,74B070F0,004256E4,?,?,0041848E,?,?,?,00000000,00000001), ref: 00418901
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,0041848E,?), ref: 00418957
                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,?,00000000,0041848E,?,?,?,?,?,?,0041848E,?), ref: 00418969
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringType$ByteCharMultiWide
                                                                                                                                                                    • String ID: VB
                                                                                                                                                                    • API String ID: 3852931651-2416070386
                                                                                                                                                                    • Opcode ID: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
                                                                                                                                                                    • Instruction ID: 0deb4df31157d4fbbd2276260d368b45192e758527c12e7bc8b96f729eb23429
                                                                                                                                                                    • Opcode Fuzzy Hash: f366ae1a1c4feb3856e7e49d67d86268e533ee02966d98845c911f14f75699a6
                                                                                                                                                                    • Instruction Fuzzy Hash: 85418FB2A00209BFCF209F94DC86EEF7F79EB08754F10452AF915D2250C7389991DB99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                                                    			E00417411() {
                                                                                                                                                                    				void** _v8;
                                                                                                                                                                    				struct _STARTUPINFOA _v76;
                                                                                                                                                                    				signed int* _t48;
                                                                                                                                                                    				signed int _t50;
                                                                                                                                                                    				long _t55;
                                                                                                                                                                    				signed int _t57;
                                                                                                                                                                    				signed int _t58;
                                                                                                                                                                    				int _t59;
                                                                                                                                                                    				signed char _t63;
                                                                                                                                                                    				signed int _t65;
                                                                                                                                                                    				void** _t67;
                                                                                                                                                                    				int _t68;
                                                                                                                                                                    				int _t69;
                                                                                                                                                                    				signed int* _t70;
                                                                                                                                                                    				int _t72;
                                                                                                                                                                    				intOrPtr* _t73;
                                                                                                                                                                    				signed int* _t75;
                                                                                                                                                                    				void* _t76;
                                                                                                                                                                    				void* _t84;
                                                                                                                                                                    				void* _t87;
                                                                                                                                                                    				int _t88;
                                                                                                                                                                    				signed int* _t89;
                                                                                                                                                                    				void** _t90;
                                                                                                                                                                    				signed int _t91;
                                                                                                                                                                    				int* _t92;
                                                                                                                                                                    
                                                                                                                                                                    				_t89 = E00413C35(0x480);
                                                                                                                                                                    				if(_t89 == 0) {
                                                                                                                                                                    					E004149DC(0x1b);
                                                                                                                                                                    				}
                                                                                                                                                                    				 *0x425920 = _t89;
                                                                                                                                                                    				 *0x425a20 = 0x20;
                                                                                                                                                                    				_t1 =  &(_t89[0x120]); // 0x480
                                                                                                                                                                    				_t48 = _t1;
                                                                                                                                                                    				while(_t89 < _t48) {
                                                                                                                                                                    					_t89[1] = _t89[1] & 0x00000000;
                                                                                                                                                                    					 *_t89 =  *_t89 | 0xffffffff;
                                                                                                                                                                    					_t89[2] = _t89[2] & 0x00000000;
                                                                                                                                                                    					_t89[1] = 0xa;
                                                                                                                                                                    					_t70 =  *0x425920; // 0x2280630
                                                                                                                                                                    					_t89 =  &(_t89[9]);
                                                                                                                                                                    					_t48 =  &(_t70[0x120]);
                                                                                                                                                                    				}
                                                                                                                                                                    				GetStartupInfoA( &_v76);
                                                                                                                                                                    				__eflags = _v76.cbReserved2;
                                                                                                                                                                    				if(_v76.cbReserved2 == 0) {
                                                                                                                                                                    					L25:
                                                                                                                                                                    					_t72 = 0;
                                                                                                                                                                    					__eflags = 0;
                                                                                                                                                                    					do {
                                                                                                                                                                    						_t75 =  *0x425920; // 0x2280630
                                                                                                                                                                    						_t50 = _t72 + _t72 * 8;
                                                                                                                                                                    						__eflags = _t75[_t50] - 0xffffffff;
                                                                                                                                                                    						_t90 =  &(_t75[_t50]);
                                                                                                                                                                    						if(_t75[_t50] != 0xffffffff) {
                                                                                                                                                                    							_t45 =  &(_t90[1]);
                                                                                                                                                                    							 *_t45 = _t90[1] | 0x00000080;
                                                                                                                                                                    							__eflags =  *_t45;
                                                                                                                                                                    							goto L37;
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags = _t72;
                                                                                                                                                                    						_t90[1] = 0x81;
                                                                                                                                                                    						if(_t72 != 0) {
                                                                                                                                                                    							asm("sbb eax, eax");
                                                                                                                                                                    							_t55 =  ~(_t72 - 1) + 0xfffffff5;
                                                                                                                                                                    							__eflags = _t55;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t55 = 0xfffffff6;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t87 = GetStdHandle(_t55);
                                                                                                                                                                    						__eflags = _t87 - 0xffffffff;
                                                                                                                                                                    						if(_t87 == 0xffffffff) {
                                                                                                                                                                    							L33:
                                                                                                                                                                    							_t90[1] = _t90[1] | 0x00000040;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							_t57 = GetFileType(_t87);
                                                                                                                                                                    							__eflags = _t57;
                                                                                                                                                                    							if(_t57 == 0) {
                                                                                                                                                                    								goto L33;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t58 = _t57 & 0x000000ff;
                                                                                                                                                                    							 *_t90 = _t87;
                                                                                                                                                                    							__eflags = _t58 - 2;
                                                                                                                                                                    							if(_t58 != 2) {
                                                                                                                                                                    								__eflags = _t58 - 3;
                                                                                                                                                                    								if(_t58 == 3) {
                                                                                                                                                                    									_t90[1] = _t90[1] | 0x00000008;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L37;
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L33;
                                                                                                                                                                    						}
                                                                                                                                                                    						L37:
                                                                                                                                                                    						_t72 = _t72 + 1;
                                                                                                                                                                    						__eflags = _t72 - 3;
                                                                                                                                                                    					} while (_t72 < 3);
                                                                                                                                                                    					return SetHandleCount( *0x425a20);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t59 = _v76.lpReserved2;
                                                                                                                                                                    				__eflags = _t59;
                                                                                                                                                                    				if(_t59 == 0) {
                                                                                                                                                                    					goto L25;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t88 =  *_t59;
                                                                                                                                                                    				_t73 = _t59 + 4;
                                                                                                                                                                    				_v8 = _t73 + _t88;
                                                                                                                                                                    				__eflags = _t88 - 0x800;
                                                                                                                                                                    				if(_t88 >= 0x800) {
                                                                                                                                                                    					_t88 = 0x800;
                                                                                                                                                                    				}
                                                                                                                                                                    				__eflags =  *0x425a20 - _t88; // 0x20
                                                                                                                                                                    				if(__eflags >= 0) {
                                                                                                                                                                    					L18:
                                                                                                                                                                    					_t91 = 0;
                                                                                                                                                                    					__eflags = _t88;
                                                                                                                                                                    					if(_t88 <= 0) {
                                                                                                                                                                    						goto L25;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						goto L19;
                                                                                                                                                                    					}
                                                                                                                                                                    					do {
                                                                                                                                                                    						L19:
                                                                                                                                                                    						_t76 =  *_v8;
                                                                                                                                                                    						__eflags = _t76 - 0xffffffff;
                                                                                                                                                                    						if(_t76 == 0xffffffff) {
                                                                                                                                                                    							goto L24;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t63 =  *_t73;
                                                                                                                                                                    						__eflags = _t63 & 0x00000001;
                                                                                                                                                                    						if((_t63 & 0x00000001) == 0) {
                                                                                                                                                                    							goto L24;
                                                                                                                                                                    						}
                                                                                                                                                                    						__eflags = _t63 & 0x00000008;
                                                                                                                                                                    						if((_t63 & 0x00000008) != 0) {
                                                                                                                                                                    							L23:
                                                                                                                                                                    							_t65 = _t91 & 0x0000001f;
                                                                                                                                                                    							__eflags = _t65;
                                                                                                                                                                    							_t67 =  &(0x425920[_t91 >> 5][_t65 + _t65 * 8]);
                                                                                                                                                                    							 *_t67 =  *_v8;
                                                                                                                                                                    							_t67[1] =  *_t73;
                                                                                                                                                                    							goto L24;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t68 = GetFileType(_t76);
                                                                                                                                                                    						__eflags = _t68;
                                                                                                                                                                    						if(_t68 == 0) {
                                                                                                                                                                    							goto L24;
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L23;
                                                                                                                                                                    						L24:
                                                                                                                                                                    						_v8 =  &(_v8[1]);
                                                                                                                                                                    						_t91 = _t91 + 1;
                                                                                                                                                                    						_t73 = _t73 + 1;
                                                                                                                                                                    						__eflags = _t91 - _t88;
                                                                                                                                                                    					} while (_t91 < _t88);
                                                                                                                                                                    					goto L25;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t92 = 0x425924;
                                                                                                                                                                    					while(1) {
                                                                                                                                                                    						_t69 = E00413C35(0x480);
                                                                                                                                                                    						__eflags = _t69;
                                                                                                                                                                    						if(_t69 == 0) {
                                                                                                                                                                    							break;
                                                                                                                                                                    						}
                                                                                                                                                                    						 *0x425a20 =  *0x425a20 + 0x20;
                                                                                                                                                                    						__eflags =  *0x425a20;
                                                                                                                                                                    						 *_t92 = _t69;
                                                                                                                                                                    						_t13 = _t69 + 0x480; // 0x480
                                                                                                                                                                    						_t84 = _t13;
                                                                                                                                                                    						while(1) {
                                                                                                                                                                    							__eflags = _t69 - _t84;
                                                                                                                                                                    							if(_t69 >= _t84) {
                                                                                                                                                                    								break;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t69 + 4) =  *(_t69 + 4) & 0x00000000;
                                                                                                                                                                    							 *_t69 =  *_t69 | 0xffffffff;
                                                                                                                                                                    							 *(_t69 + 8) =  *(_t69 + 8) & 0x00000000;
                                                                                                                                                                    							 *((char*)(_t69 + 5)) = 0xa;
                                                                                                                                                                    							_t69 = _t69 + 0x24;
                                                                                                                                                                    							_t84 =  *_t92 + 0x480;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t92 =  &(_t92[1]);
                                                                                                                                                                    						__eflags =  *0x425a20 - _t88; // 0x20
                                                                                                                                                                    						if(__eflags < 0) {
                                                                                                                                                                    							continue;
                                                                                                                                                                    						}
                                                                                                                                                                    						goto L18;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t88 =  *0x425a20; // 0x20
                                                                                                                                                                    					goto L18;
                                                                                                                                                                    				}
                                                                                                                                                                    			}





























                                                                                                                                                                    APIs
                                                                                                                                                                    • GetStartupInfoA.KERNEL32(?), ref: 0041746F
                                                                                                                                                                    • GetFileType.KERNEL32(?,?,00000000), ref: 0041751A
                                                                                                                                                                    • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0041757D
                                                                                                                                                                    • GetFileType.KERNEL32(00000000,?,00000000), ref: 0041758B
                                                                                                                                                                    • SetHandleCount.KERNEL32 ref: 004175C2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                                    • String ID: $YB
                                                                                                                                                                    • API String ID: 1710529072-867103119
                                                                                                                                                                    • Opcode ID: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
                                                                                                                                                                    • Instruction ID: 9157860cf2e7af3a35f89051d0ae9de0bf945cd889ae2d4a6076f2c4651d7c80
                                                                                                                                                                    • Opcode Fuzzy Hash: 0f20f78b1d243ceb825b791af9b59c2038ed572102f9f62c4ccf998fd163e942
                                                                                                                                                                    • Instruction Fuzzy Hash: B75135716086019FC720CF28D8897B63BB1EB05338F64466EC566CB6E0DB38C986C75D
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                                    			E00415680(void* __ecx, void* __eflags) {
                                                                                                                                                                    				char _v8;
                                                                                                                                                                    				struct _OSVERSIONINFOA _v156;
                                                                                                                                                                    				char _v416;
                                                                                                                                                                    				char _v4656;
                                                                                                                                                                    				void* _t24;
                                                                                                                                                                    				CHAR* _t32;
                                                                                                                                                                    				void* _t33;
                                                                                                                                                                    				intOrPtr* _t34;
                                                                                                                                                                    				void* _t35;
                                                                                                                                                                    				char _t36;
                                                                                                                                                                    				char _t38;
                                                                                                                                                                    				void* _t40;
                                                                                                                                                                    				char* _t44;
                                                                                                                                                                    				char* _t45;
                                                                                                                                                                    				char* _t50;
                                                                                                                                                                    
                                                                                                                                                                    				E00413A90(0x122c, __ecx);
                                                                                                                                                                    				_v156.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                    				if(GetVersionExA( &_v156) != 0 && _v156.dwPlatformId == 2 && _v156.dwMajorVersion >= 5) {
                                                                                                                                                                    					_t40 = 1;
                                                                                                                                                                    					return _t40;
                                                                                                                                                                    				}
                                                                                                                                                                    				if(GetEnvironmentVariableA("__MSVCRT_HEAP_SELECT",  &_v4656, 0x1090) == 0) {
                                                                                                                                                                    					L28:
                                                                                                                                                                    					_t24 = E00415653( &_v8);
                                                                                                                                                                    					asm("sbb eax, eax");
                                                                                                                                                                    					return _t24 + 3;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t44 =  &_v4656;
                                                                                                                                                                    				if(_v4656 != 0) {
                                                                                                                                                                    					do {
                                                                                                                                                                    						_t38 =  *_t44;
                                                                                                                                                                    						if(_t38 >= 0x61 && _t38 <= 0x7a) {
                                                                                                                                                                    							 *_t44 = _t38 - 0x20;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t44 = _t44 + 1;
                                                                                                                                                                    					} while ( *_t44 != 0);
                                                                                                                                                                    				}
                                                                                                                                                                    				if(E00417B30("__GLOBAL_HEAP_SELECTED",  &_v4656, 0x16) != 0) {
                                                                                                                                                                    					GetModuleFileNameA(0,  &_v416, 0x104);
                                                                                                                                                                    					_t45 =  &_v416;
                                                                                                                                                                    					if(_v416 != 0) {
                                                                                                                                                                    						do {
                                                                                                                                                                    							_t36 =  *_t45;
                                                                                                                                                                    							if(_t36 >= 0x61 && _t36 <= 0x7a) {
                                                                                                                                                                    								 *_t45 = _t36 - 0x20;
                                                                                                                                                                    							}
                                                                                                                                                                    							_t45 = _t45 + 1;
                                                                                                                                                                    						} while ( *_t45 != 0);
                                                                                                                                                                    					}
                                                                                                                                                                    					_t32 = E00417AB0( &_v4656,  &_v416);
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t32 =  &_v4656;
                                                                                                                                                                    				}
                                                                                                                                                                    				if(_t32 == 0) {
                                                                                                                                                                    					goto L28;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t33 = E004179F0(_t32, 0x2c);
                                                                                                                                                                    				if(_t33 == 0) {
                                                                                                                                                                    					goto L28;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t34 = _t33 + 1;
                                                                                                                                                                    				_t50 = _t34;
                                                                                                                                                                    				if( *_t34 != 0) {
                                                                                                                                                                    					do {
                                                                                                                                                                    						if( *_t50 != 0x3b) {
                                                                                                                                                                    							_t50 = _t50 + 1;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							 *_t50 = 0;
                                                                                                                                                                    						}
                                                                                                                                                                    					} while ( *_t50 != 0);
                                                                                                                                                                    				}
                                                                                                                                                                    				_t35 = E004177C0(_t34, 0, 0xa);
                                                                                                                                                                    				if(_t35 != 2 && _t35 != 3 && _t35 != 1) {
                                                                                                                                                                    					goto L28;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t35;
                                                                                                                                                                    			}



















                                                                                                                                                                    APIs
                                                                                                                                                                    • GetVersionExA.KERNEL32 ref: 0041569F
                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 004156D4
                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00415734
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                                    • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                                    • API String ID: 1385375860-4131005785
                                                                                                                                                                    • Opcode ID: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
                                                                                                                                                                    • Instruction ID: 6eb182bd46f731c3af8b1d07a07b8df2d0194a1b299ff80343aa6f034c3c884c
                                                                                                                                                                    • Opcode Fuzzy Hash: 352f7edc9f3896d13c070371f2d33d0b51665e116eb32c5a0d287e401f1eefe3
                                                                                                                                                                    • Instruction Fuzzy Hash: 56312671945648EDEB3186706C87BDF3B788B46704F6400DBD199D52C2E6398ECA8B2D
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00404908(WCHAR* __ecx, FILETIME* __edx, FILETIME* _a4, FILETIME* _a8) {
                                                                                                                                                                    				signed int _t10;
                                                                                                                                                                    				FILETIME* _t13;
                                                                                                                                                                    				void* _t15;
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    
                                                                                                                                                                    				_t10 = 0;
                                                                                                                                                                    				_t17 =  *0x423168 - _t10; // 0x1
                                                                                                                                                                    				_t13 = __edx;
                                                                                                                                                                    				if(_t17 != 0) {
                                                                                                                                                                    					_t15 = CreateFileW(__ecx, 0x40000000, 3, 0, 3, 0x2000000, 0);
                                                                                                                                                                    					if(_t15 != 0xffffffff) {
                                                                                                                                                                    						_t10 = 0 | SetFileTime(_t15, _t13, _a4, _a8) != 0x00000000;
                                                                                                                                                                    						CloseHandle(_t15);
                                                                                                                                                                    					}
                                                                                                                                                                    					return _t10;
                                                                                                                                                                    				}
                                                                                                                                                                    				SetLastError(0x78);
                                                                                                                                                                    				return 0;
                                                                                                                                                                    			}








                                                                                                                                                                    APIs
                                                                                                                                                                    • SetLastError.KERNEL32(00000078,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404918
                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?,?), ref: 00404934
                                                                                                                                                                    • SetFileTime.KERNEL32(00000000,00000000,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000), ref: 0040494B
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,40000000,00000003,00000000,00000003,02000000,00000000,?,.@,00000000,00402AB0,00000000,?,?,?), ref: 00404957
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: File$CloseCreateErrorHandleLastTime
                                                                                                                                                                    • String ID: .@
                                                                                                                                                                    • API String ID: 2291555494-2582305824
                                                                                                                                                                    • Opcode ID: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
                                                                                                                                                                    • Instruction ID: b13e78268552c33248838deebc4f257ca571263cc4fefdaa9dfe176c52576776
                                                                                                                                                                    • Opcode Fuzzy Hash: 134b82ee1bee937397c61f831c6e8a998fcbb54d8f51f8998ece3d2421389dbd
                                                                                                                                                                    • Instruction Fuzzy Hash: 66F0E2B12812107BE2201B74BC48F9B6E5CDBCA715F108135B661A21E0C3284D19D7B8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                                    			E00403A90(signed int __ecx) {
                                                                                                                                                                    				short _v6;
                                                                                                                                                                    				char _v12;
                                                                                                                                                                    				short _t12;
                                                                                                                                                                    				short _t27;
                                                                                                                                                                    				int _t29;
                                                                                                                                                                    				void* _t30;
                                                                                                                                                                    
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_push(__ecx);
                                                                                                                                                                    				_v6 = __ecx;
                                                                                                                                                                    				if(__ecx != 0) {
                                                                                                                                                                    					_t27 = CharUpperW(__ecx & 0x0000ffff);
                                                                                                                                                                    					if(_t27 != 0 || GetLastError() != 0x78) {
                                                                                                                                                                    						_t12 = _t27;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						_t29 = WideCharToMultiByte(0, 0,  &_v6, 1,  &_v12, 4, 0, 0);
                                                                                                                                                                    						if(_t29 != 0 && _t29 <= 4) {
                                                                                                                                                                    							 *((char*)(_t30 + _t29 - 8)) = 0;
                                                                                                                                                                    							CharUpperA( &_v12);
                                                                                                                                                                    							MultiByteToWideChar(0, 0,  &_v12, _t29,  &_v6, 1);
                                                                                                                                                                    						}
                                                                                                                                                                    						_t12 = _v6;
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t12 = 0;
                                                                                                                                                                    				}
                                                                                                                                                                    				return _t12;
                                                                                                                                                                    			}










                                                                                                                                                                    APIs
                                                                                                                                                                    • CharUpperW.USER32(00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AAB
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,00403B58), ref: 00403AB7
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,00000004,00000000,00000000,?,00000000,00000000,?,00403B58), ref: 00403AD2
                                                                                                                                                                    • CharUpperA.USER32(?,?,00000000,00000000,?,00403B58), ref: 00403AEB
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001,?,00000000,00000000,?,00403B58), ref: 00403AFE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Char$ByteMultiUpperWide$ErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3939315453-0
                                                                                                                                                                    • Opcode ID: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
                                                                                                                                                                    • Instruction ID: dd72d820dddc2be4d64e736f5eaa813d5c8cd4bb6d440344005d5656a272e87c
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c2300f256f82e2aee6372cd28c35fbf20af8ddddc15953858da8d33bcd8cfd2
                                                                                                                                                                    • Instruction Fuzzy Hash: D60144B64002187ADB10ABE49C89DEBBE7CEB04259F014472F952E2281E2796E4487A8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004152F3() {
                                                                                                                                                                    				void _t10;
                                                                                                                                                                    				long _t15;
                                                                                                                                                                    				void* _t16;
                                                                                                                                                                    
                                                                                                                                                                    				_t15 = GetLastError();
                                                                                                                                                                    				_t16 = TlsGetValue( *0x420760);
                                                                                                                                                                    				if(_t16 == 0) {
                                                                                                                                                                    					_t16 = E00416CCC(1, 0x74);
                                                                                                                                                                    					if(_t16 == 0 || TlsSetValue( *0x420760, _t16) == 0) {
                                                                                                                                                                    						E004149DC(0x10);
                                                                                                                                                                    					} else {
                                                                                                                                                                    						E004152E0(_t16);
                                                                                                                                                                    						_t10 = GetCurrentThreadId();
                                                                                                                                                                    						 *(_t16 + 4) =  *(_t16 + 4) | 0xffffffff;
                                                                                                                                                                    						 *_t16 = _t10;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				SetLastError(_t15);
                                                                                                                                                                    				return _t16;
                                                                                                                                                                    			}







                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00000103,7FFFFFFF,00416CBF,0041798E,00000000,?,?,00000000,00000001), ref: 004152F5
                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00415303
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0041534F
                                                                                                                                                                      • Part of subcall function 00416CCC: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00415318,00000001,00000074,?,?,00000000,00000001), ref: 00416DC2
                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00415327
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00415338
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2020098873-0
                                                                                                                                                                    • Opcode ID: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
                                                                                                                                                                    • Instruction ID: c348f308811c55cc6791f5f2c72cac7d5a6c02788d8c3db17f30136ca92006f7
                                                                                                                                                                    • Opcode Fuzzy Hash: 9020ed6c5573c52789434ca8060b3935b73b18465b1892a80f2ba475462c6b54
                                                                                                                                                                    • Instruction Fuzzy Hash: B4F09632600615ABC6312B70AC096DB3A51EB857E1B15413AF951972A0DB78888197DD
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • InterlockedIncrement.KERNEL32(004256E4), ref: 00418463
                                                                                                                                                                    • InterlockedDecrement.KERNEL32(004256E4), ref: 00418478
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Interlocked$DecrementIncrement
                                                                                                                                                                    • String ID: VB
                                                                                                                                                                    • API String ID: 2172605799-2416070386
                                                                                                                                                                    • Opcode ID: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
                                                                                                                                                                    • Instruction ID: b2465ecea32c92352f716010131fb348419f683e9d2febfe3e70f5b1b578e6df
                                                                                                                                                                    • Opcode Fuzzy Hash: 3f0e7dfc381ab69d5717ddb5ba06b4fa70db5411652d110c580bb33579a080f3
                                                                                                                                                                    • Instruction Fuzzy Hash: 35F0C232201612EBD720AF56ECC19CF6755EB81326F50843FF00989190DF7899C2995E
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                                    			E0041435F(void* _a4, long _a8) {
                                                                                                                                                                    				signed int _v8;
                                                                                                                                                                    				intOrPtr _v20;
                                                                                                                                                                    				long _v36;
                                                                                                                                                                    				void* _v40;
                                                                                                                                                                    				intOrPtr _v44;
                                                                                                                                                                    				char _v48;
                                                                                                                                                                    				long _v52;
                                                                                                                                                                    				long _v56;
                                                                                                                                                                    				char _v60;
                                                                                                                                                                    				intOrPtr _t56;
                                                                                                                                                                    				void* _t57;
                                                                                                                                                                    				long _t58;
                                                                                                                                                                    				long _t59;
                                                                                                                                                                    				long _t63;
                                                                                                                                                                    				long _t66;
                                                                                                                                                                    				long _t68;
                                                                                                                                                                    				long _t71;
                                                                                                                                                                    				long _t72;
                                                                                                                                                                    				long _t74;
                                                                                                                                                                    				long _t78;
                                                                                                                                                                    				intOrPtr _t80;
                                                                                                                                                                    				void* _t83;
                                                                                                                                                                    				long _t85;
                                                                                                                                                                    				long _t88;
                                                                                                                                                                    				void* _t89;
                                                                                                                                                                    				long _t91;
                                                                                                                                                                    				intOrPtr _t93;
                                                                                                                                                                    				void* _t97;
                                                                                                                                                                    				void* _t104;
                                                                                                                                                                    				long _t113;
                                                                                                                                                                    				long _t116;
                                                                                                                                                                    				intOrPtr _t122;
                                                                                                                                                                    				void* _t123;
                                                                                                                                                                    
                                                                                                                                                                    				_push(0xffffffff);
                                                                                                                                                                    				_push(0x41b9c0);
                                                                                                                                                                    				_push(E004147FC);
                                                                                                                                                                    				_push( *[fs:0x0]);
                                                                                                                                                                    				 *[fs:0x0] = _t122;
                                                                                                                                                                    				_t123 = _t122 - 0x28;
                                                                                                                                                                    				_t97 = _a4;
                                                                                                                                                                    				_t113 = 0;
                                                                                                                                                                    				if(_t97 != 0) {
                                                                                                                                                                    					_t116 = _a8;
                                                                                                                                                                    					__eflags = _t116;
                                                                                                                                                                    					if(_t116 != 0) {
                                                                                                                                                                    						_t56 =  *0x425a58; // 0x1
                                                                                                                                                                    						__eflags = _t56 - 3;
                                                                                                                                                                    						if(_t56 != 3) {
                                                                                                                                                                    							__eflags = _t56 - 2;
                                                                                                                                                                    							if(_t56 != 2) {
                                                                                                                                                                    								while(1) {
                                                                                                                                                                    									_t57 = 0;
                                                                                                                                                                    									__eflags = _t116 - 0xffffffe0;
                                                                                                                                                                    									if(_t116 <= 0xffffffe0) {
                                                                                                                                                                    										__eflags = _t116 - _t113;
                                                                                                                                                                    										if(_t116 == _t113) {
                                                                                                                                                                    											_t116 = 1;
                                                                                                                                                                    										}
                                                                                                                                                                    										_t116 = _t116 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                    										__eflags = _t116;
                                                                                                                                                                    										_t57 = HeapReAlloc( *0x425a54, _t113, _t97, _t116);
                                                                                                                                                                    									}
                                                                                                                                                                    									__eflags = _t57 - _t113;
                                                                                                                                                                    									if(_t57 != _t113) {
                                                                                                                                                                    										goto L64;
                                                                                                                                                                    									}
                                                                                                                                                                    									__eflags =  *0x4233d4 - _t113; // 0x0
                                                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                                                    										goto L64;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t58 = E00415638(_t116);
                                                                                                                                                                    									__eflags = _t58;
                                                                                                                                                                    									if(_t58 != 0) {
                                                                                                                                                                    										continue;
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L63;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L64;
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags = _t116 - 0xffffffe0;
                                                                                                                                                                    							if(_t116 <= 0xffffffe0) {
                                                                                                                                                                    								__eflags = _t116;
                                                                                                                                                                    								if(_t116 <= 0) {
                                                                                                                                                                    									_t116 = 0x10;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_t116 = _t116 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                    								}
                                                                                                                                                                    								_a8 = _t116;
                                                                                                                                                                    							}
                                                                                                                                                                    							while(1) {
                                                                                                                                                                    								_v40 = _t113;
                                                                                                                                                                    								__eflags = _t116 - 0xffffffe0;
                                                                                                                                                                    								if(_t116 <= 0xffffffe0) {
                                                                                                                                                                    									E004154DA(9);
                                                                                                                                                                    									_pop(_t104);
                                                                                                                                                                    									_v8 = 1;
                                                                                                                                                                    									_t63 = E004165C8(_t97,  &_v60,  &_v48);
                                                                                                                                                                    									_t123 = _t123 + 0xc;
                                                                                                                                                                    									_t113 = _t63;
                                                                                                                                                                    									_v52 = _t113;
                                                                                                                                                                    									__eflags = _t113;
                                                                                                                                                                    									if(_t113 == 0) {
                                                                                                                                                                    										_v40 = HeapReAlloc( *0x425a54, 0, _t97, _t116);
                                                                                                                                                                    									} else {
                                                                                                                                                                    										__eflags = _t116 -  *0x42285c; // 0x1e0
                                                                                                                                                                    										if(__eflags < 0) {
                                                                                                                                                                    											_t100 = _t116 >> 4;
                                                                                                                                                                    											_t71 = E00416990(_t104, _v60, _v48, _t113, _t116 >> 4);
                                                                                                                                                                    											_t123 = _t123 + 0x10;
                                                                                                                                                                    											__eflags = _t71;
                                                                                                                                                                    											if(_t71 == 0) {
                                                                                                                                                                    												_t72 = E00416664(_t104, _t100);
                                                                                                                                                                    												_v40 = _t72;
                                                                                                                                                                    												__eflags = _t72;
                                                                                                                                                                    												if(_t72 != 0) {
                                                                                                                                                                    													_t74 = ( *_t113 & 0x000000ff) << 4;
                                                                                                                                                                    													_v56 = _t74;
                                                                                                                                                                    													__eflags = _t74 - _t116;
                                                                                                                                                                    													if(_t74 >= _t116) {
                                                                                                                                                                    														_t74 = _t116;
                                                                                                                                                                    													}
                                                                                                                                                                    													E00413E60(_v40, _a4, _t74);
                                                                                                                                                                    													E0041661F(_v60, _v48, _t113);
                                                                                                                                                                    													_t123 = _t123 + 0x18;
                                                                                                                                                                    												}
                                                                                                                                                                    											} else {
                                                                                                                                                                    												_v40 = _a4;
                                                                                                                                                                    											}
                                                                                                                                                                    											_t97 = _a4;
                                                                                                                                                                    										}
                                                                                                                                                                    										__eflags = _v40;
                                                                                                                                                                    										if(_v40 == 0) {
                                                                                                                                                                    											_t66 = HeapAlloc( *0x425a54, 0, _t116);
                                                                                                                                                                    											_v40 = _t66;
                                                                                                                                                                    											__eflags = _t66;
                                                                                                                                                                    											if(_t66 != 0) {
                                                                                                                                                                    												_t68 = ( *_t113 & 0x000000ff) << 4;
                                                                                                                                                                    												_v56 = _t68;
                                                                                                                                                                    												__eflags = _t68 - _t116;
                                                                                                                                                                    												if(_t68 >= _t116) {
                                                                                                                                                                    													_t68 = _t116;
                                                                                                                                                                    												}
                                                                                                                                                                    												E00413E60(_v40, _t97, _t68);
                                                                                                                                                                    												E0041661F(_v60, _v48, _t113);
                                                                                                                                                                    												_t123 = _t123 + 0x18;
                                                                                                                                                                    											}
                                                                                                                                                                    										}
                                                                                                                                                                    									}
                                                                                                                                                                    									_t51 =  &_v8;
                                                                                                                                                                    									 *_t51 = _v8 | 0xffffffff;
                                                                                                                                                                    									__eflags =  *_t51;
                                                                                                                                                                    									E00414638();
                                                                                                                                                                    								}
                                                                                                                                                                    								_t57 = _v40;
                                                                                                                                                                    								__eflags = _t57 - _t113;
                                                                                                                                                                    								if(_t57 != _t113) {
                                                                                                                                                                    									goto L64;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags =  *0x4233d4 - _t113; // 0x0
                                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                                    									goto L64;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t59 = E00415638(_t116);
                                                                                                                                                                    								__eflags = _t59;
                                                                                                                                                                    								if(_t59 != 0) {
                                                                                                                                                                    									continue;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L63;
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L64;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							goto L5;
                                                                                                                                                                    						}
                                                                                                                                                                    						do {
                                                                                                                                                                    							L5:
                                                                                                                                                                    							_v40 = _t113;
                                                                                                                                                                    							__eflags = _t116 - 0xffffffe0;
                                                                                                                                                                    							if(_t116 > 0xffffffe0) {
                                                                                                                                                                    								L25:
                                                                                                                                                                    								_t57 = _v40;
                                                                                                                                                                    								__eflags = _t57 - _t113;
                                                                                                                                                                    								if(_t57 != _t113) {
                                                                                                                                                                    									goto L64;
                                                                                                                                                                    								}
                                                                                                                                                                    								__eflags =  *0x4233d4 - _t113; // 0x0
                                                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                                                    									goto L64;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L27;
                                                                                                                                                                    							}
                                                                                                                                                                    							E004154DA(9);
                                                                                                                                                                    							_v8 = _t113;
                                                                                                                                                                    							_t80 = E0041586D(_t97);
                                                                                                                                                                    							_v44 = _t80;
                                                                                                                                                                    							__eflags = _t80 - _t113;
                                                                                                                                                                    							if(_t80 == _t113) {
                                                                                                                                                                    								L21:
                                                                                                                                                                    								_v8 = _v8 | 0xffffffff;
                                                                                                                                                                    								E004144EA();
                                                                                                                                                                    								__eflags = _v44 - _t113;
                                                                                                                                                                    								if(_v44 == _t113) {
                                                                                                                                                                    									__eflags = _t116 - _t113;
                                                                                                                                                                    									if(_t116 == _t113) {
                                                                                                                                                                    										_t116 = 1;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t116 = _t116 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                    									__eflags = _t116;
                                                                                                                                                                    									_a8 = _t116;
                                                                                                                                                                    									_v40 = HeapReAlloc( *0x425a54, _t113, _t97, _t116);
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L25;
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags = _t116 -  *0x425a50; // 0x0
                                                                                                                                                                    							if(__eflags <= 0) {
                                                                                                                                                                    								_push(_t116);
                                                                                                                                                                    								_push(_t97);
                                                                                                                                                                    								_push(_t80);
                                                                                                                                                                    								_t88 = E00416076();
                                                                                                                                                                    								_t123 = _t123 + 0xc;
                                                                                                                                                                    								__eflags = _t88;
                                                                                                                                                                    								if(_t88 == 0) {
                                                                                                                                                                    									_push(_t116);
                                                                                                                                                                    									_t89 = E00415BC1();
                                                                                                                                                                    									_v40 = _t89;
                                                                                                                                                                    									__eflags = _t89 - _t113;
                                                                                                                                                                    									if(_t89 != _t113) {
                                                                                                                                                                    										_t91 =  *((intOrPtr*)(_t97 - 4)) - 1;
                                                                                                                                                                    										_v36 = _t91;
                                                                                                                                                                    										__eflags = _t91 - _t116;
                                                                                                                                                                    										if(_t91 >= _t116) {
                                                                                                                                                                    											_t91 = _t116;
                                                                                                                                                                    										}
                                                                                                                                                                    										E00413E60(_v40, _t97, _t91);
                                                                                                                                                                    										_t93 = E0041586D(_t97);
                                                                                                                                                                    										_v44 = _t93;
                                                                                                                                                                    										_push(_t97);
                                                                                                                                                                    										_push(_t93);
                                                                                                                                                                    										E00415898();
                                                                                                                                                                    										_t123 = _t123 + 0x18;
                                                                                                                                                                    									}
                                                                                                                                                                    								} else {
                                                                                                                                                                    									_v40 = _t97;
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    							__eflags = _v40 - _t113;
                                                                                                                                                                    							if(_v40 == _t113) {
                                                                                                                                                                    								__eflags = _t116 - _t113;
                                                                                                                                                                    								if(_t116 == _t113) {
                                                                                                                                                                    									_t116 = 1;
                                                                                                                                                                    									_a8 = _t116;
                                                                                                                                                                    								}
                                                                                                                                                                    								_t116 = _t116 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                    								_a8 = _t116;
                                                                                                                                                                    								_t83 = HeapAlloc( *0x425a54, _t113, _t116);
                                                                                                                                                                    								_v40 = _t83;
                                                                                                                                                                    								__eflags = _t83 - _t113;
                                                                                                                                                                    								if(_t83 != _t113) {
                                                                                                                                                                    									_t85 =  *((intOrPtr*)(_t97 - 4)) - 1;
                                                                                                                                                                    									_v36 = _t85;
                                                                                                                                                                    									__eflags = _t85 - _t116;
                                                                                                                                                                    									if(_t85 >= _t116) {
                                                                                                                                                                    										_t85 = _t116;
                                                                                                                                                                    									}
                                                                                                                                                                    									E00413E60(_v40, _t97, _t85);
                                                                                                                                                                    									_push(_t97);
                                                                                                                                                                    									_push(_v44);
                                                                                                                                                                    									E00415898();
                                                                                                                                                                    									_t123 = _t123 + 0x14;
                                                                                                                                                                    								}
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L21;
                                                                                                                                                                    							L27:
                                                                                                                                                                    							_t78 = E00415638(_t116);
                                                                                                                                                                    							__eflags = _t78;
                                                                                                                                                                    						} while (_t78 != 0);
                                                                                                                                                                    						goto L63;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						E00413D6F(_t97);
                                                                                                                                                                    						L63:
                                                                                                                                                                    						_t57 = 0;
                                                                                                                                                                    						__eflags = 0;
                                                                                                                                                                    						goto L64;
                                                                                                                                                                    					}
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t57 = E00413C35(_a8);
                                                                                                                                                                    					L64:
                                                                                                                                                                    					 *[fs:0x0] = _v20;
                                                                                                                                                                    					return _t57;
                                                                                                                                                                    				}
                                                                                                                                                                    			}

                                                                                                                                                                    0x00414487
                                                                                                                                                                    0x0041448b
                                                                                                                                                                    0x00414490
                                                                                                                                                                    0x00414493
                                                                                                                                                                    0x00414495
                                                                                                                                                                    0x00414497
                                                                                                                                                                    0x0041449b
                                                                                                                                                                    0x0041449b
                                                                                                                                                                    0x0041449f
                                                                                                                                                                    0x0041449f
                                                                                                                                                                    0x004144a2
                                                                                                                                                                    0x004144b4
                                                                                                                                                                    0x004144b4
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00414493
                                                                                                                                                                    0x004143e3
                                                                                                                                                                    0x004143e9
                                                                                                                                                                    0x004143eb
                                                                                                                                                                    0x004143ec
                                                                                                                                                                    0x004143ed
                                                                                                                                                                    0x004143ee
                                                                                                                                                                    0x004143f3
                                                                                                                                                                    0x004143f6
                                                                                                                                                                    0x004143f8
                                                                                                                                                                    0x004143ff
                                                                                                                                                                    0x00414400
                                                                                                                                                                    0x00414406
                                                                                                                                                                    0x00414409
                                                                                                                                                                    0x0041440b
                                                                                                                                                                    0x00414410
                                                                                                                                                                    0x00414411
                                                                                                                                                                    0x00414414
                                                                                                                                                                    0x00414416
                                                                                                                                                                    0x00414418
                                                                                                                                                                    0x00414418
                                                                                                                                                                    0x0041441f
                                                                                                                                                                    0x00414425
                                                                                                                                                                    0x0041442a
                                                                                                                                                                    0x0041442d
                                                                                                                                                                    0x0041442e
                                                                                                                                                                    0x0041442f
                                                                                                                                                                    0x00414434
                                                                                                                                                                    0x00414434
                                                                                                                                                                    0x004143fa
                                                                                                                                                                    0x004143fa
                                                                                                                                                                    0x004143fa
                                                                                                                                                                    0x004143f8
                                                                                                                                                                    0x00414437
                                                                                                                                                                    0x0041443a
                                                                                                                                                                    0x0041443c
                                                                                                                                                                    0x0041443e
                                                                                                                                                                    0x00414442
                                                                                                                                                                    0x00414443
                                                                                                                                                                    0x00414443
                                                                                                                                                                    0x00414449
                                                                                                                                                                    0x0041444c
                                                                                                                                                                    0x00414457
                                                                                                                                                                    0x0041445d
                                                                                                                                                                    0x00414460
                                                                                                                                                                    0x00414462
                                                                                                                                                                    0x00414467
                                                                                                                                                                    0x00414468
                                                                                                                                                                    0x0041446b
                                                                                                                                                                    0x0041446d
                                                                                                                                                                    0x0041446f
                                                                                                                                                                    0x0041446f
                                                                                                                                                                    0x00414476
                                                                                                                                                                    0x0041447b
                                                                                                                                                                    0x0041447c
                                                                                                                                                                    0x0041447f
                                                                                                                                                                    0x00414484
                                                                                                                                                                    0x00414484
                                                                                                                                                                    0x00414462
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004144ce
                                                                                                                                                                    0x004144cf
                                                                                                                                                                    0x004144d5
                                                                                                                                                                    0x004144d5
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x004143a0
                                                                                                                                                                    0x004143a1
                                                                                                                                                                    0x0041467d
                                                                                                                                                                    0x0041467d
                                                                                                                                                                    0x0041467d
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0041467d
                                                                                                                                                                    0x0041438b
                                                                                                                                                                    0x0041438e
                                                                                                                                                                    0x0041467f
                                                                                                                                                                    0x00414682
                                                                                                                                                                    0x0041468d
                                                                                                                                                                    0x0041468d

                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
                                                                                                                                                                    • Instruction ID: 1ac5c9ddcf095474d6e2a383ff06e8771fc838f6ee07df02b13506851481717d
                                                                                                                                                                    • Opcode Fuzzy Hash: d56ffb8a6685455f091880630799685eddd8ac587d3428563be9e88dd716d36c
                                                                                                                                                                    • Instruction Fuzzy Hash: C891F671D01618ABCF21AB69CC41ADE7BB9EB857A4F240127F814B6290D73D8DC18A6C
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0041636C() {
                                                                                                                                                                    				void* _t25;
                                                                                                                                                                    				intOrPtr* _t28;
                                                                                                                                                                    				void* _t42;
                                                                                                                                                                    				void* _t43;
                                                                                                                                                                    				void* _t45;
                                                                                                                                                                    				void* _t55;
                                                                                                                                                                    
                                                                                                                                                                    				if( *0x420848 != 0xffffffff) {
                                                                                                                                                                    					_t43 = HeapAlloc( *0x425a54, 0, 0x2020);
                                                                                                                                                                    					if(_t43 == 0) {
                                                                                                                                                                    						goto L20;
                                                                                                                                                                    					}
                                                                                                                                                                    					goto L3;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					_t43 = 0x420838;
                                                                                                                                                                    					L3:
                                                                                                                                                                    					_t42 = VirtualAlloc(0, 0x400000, 0x2000, 4);
                                                                                                                                                                    					if(_t42 == 0) {
                                                                                                                                                                    						L18:
                                                                                                                                                                    						if(_t43 != 0x420838) {
                                                                                                                                                                    							HeapFree( *0x425a54, 0, _t43);
                                                                                                                                                                    						}
                                                                                                                                                                    						L20:
                                                                                                                                                                    						return 0;
                                                                                                                                                                    					}
                                                                                                                                                                    					if(VirtualAlloc(_t42, 0x10000, 0x1000, 4) == 0) {
                                                                                                                                                                    						VirtualFree(_t42, 0, 0x8000);
                                                                                                                                                                    						goto L18;
                                                                                                                                                                    					}
                                                                                                                                                                    					if(_t43 != 0x420838) {
                                                                                                                                                                    						 *_t43 = 0x420838;
                                                                                                                                                                    						_t25 =  *0x42083c; // 0x420838
                                                                                                                                                                    						 *(_t43 + 4) = _t25;
                                                                                                                                                                    						 *0x42083c = _t43;
                                                                                                                                                                    						 *( *(_t43 + 4)) = _t43;
                                                                                                                                                                    					} else {
                                                                                                                                                                    						if( *0x420838 == 0) {
                                                                                                                                                                    							 *0x420838 = 0x420838;
                                                                                                                                                                    						}
                                                                                                                                                                    						if( *0x42083c == 0) {
                                                                                                                                                                    							 *0x42083c = 0x420838;
                                                                                                                                                                    						}
                                                                                                                                                                    					}
                                                                                                                                                                    					_t3 = _t42 + 0x400000; // 0x400000
                                                                                                                                                                    					_t4 = _t43 + 0x98; // 0x98
                                                                                                                                                                    					 *((intOrPtr*)(_t43 + 0x14)) = _t3;
                                                                                                                                                                    					_t6 = _t43 + 0x18; // 0x18
                                                                                                                                                                    					_t28 = _t6;
                                                                                                                                                                    					 *((intOrPtr*)(_t43 + 0xc)) = _t4;
                                                                                                                                                                    					 *(_t43 + 0x10) = _t42;
                                                                                                                                                                    					 *((intOrPtr*)(_t43 + 8)) = _t28;
                                                                                                                                                                    					_t45 = 0;
                                                                                                                                                                    					do {
                                                                                                                                                                    						_t55 = _t45 - 0x10;
                                                                                                                                                                    						_t45 = _t45 + 1;
                                                                                                                                                                    						 *_t28 = ((0 | _t55 >= 0x00000000) - 0x00000001 & 0x000000f1) - 1;
                                                                                                                                                                    						 *((intOrPtr*)(_t28 + 4)) = 0xf1;
                                                                                                                                                                    						_t28 = _t28 + 8;
                                                                                                                                                                    					} while (_t45 < 0x400);
                                                                                                                                                                    					E00417B70(_t42, 0, 0x10000);
                                                                                                                                                                    					while(_t42 <  *(_t43 + 0x10) + 0x10000) {
                                                                                                                                                                    						 *(_t42 + 0xf8) =  *(_t42 + 0xf8) | 0x000000ff;
                                                                                                                                                                    						_t16 = _t42 + 8; // -4088
                                                                                                                                                                    						 *_t42 = _t16;
                                                                                                                                                                    						 *((intOrPtr*)(_t42 + 4)) = 0xf0;
                                                                                                                                                                    						_t42 = _t42 + 0x1000;
                                                                                                                                                                    					}
                                                                                                                                                                    					return _t43;
                                                                                                                                                                    				}
                                                                                                                                                                    			}










                                                                                                                                                                    APIs
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00002020,00420838,00420838,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 0041638D
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163B1
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000), ref: 004163CB
                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?), ref: 0041648C
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?,?,00416838,00000000,00000010,00000000,00000009,00000009,?,00413D1F,00000010,00000000,?,00000000), ref: 004164A3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual$FreeHeap
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 714016831-0
                                                                                                                                                                    • Opcode ID: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
                                                                                                                                                                    • Instruction ID: 1d273cd761051d77879f543994291e2c1f364a84a1ace75b4c6a1ba38ea4645d
                                                                                                                                                                    • Opcode Fuzzy Hash: 61edb7c5b2a57b73fa0373c8b0061bfd64d3e4def081ef99dbe098b98f3bc666
                                                                                                                                                                    • Instruction Fuzzy Hash: 1D310370640711EFD3309F24DC85BA6B7E4EB84764F12823AE56997791E778E881CB8C
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog.LIBCMT ref: 004047AD
                                                                                                                                                                    • FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 004047D1
                                                                                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,00000000), ref: 00404814
                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,00000000,?,00000000,00000000,?,00000000), ref: 0040482F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FormatMessage$FreeH_prologLocal
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3392428314-0
                                                                                                                                                                    • Opcode ID: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
                                                                                                                                                                    • Instruction ID: b23ee79e455563f0a2b187c1bc8aea4849c6785c5b1f5abfa42b55bee9ed31b8
                                                                                                                                                                    • Opcode Fuzzy Hash: d8114c00c851820dfd69355ab4a5a7d10c3f97c7ff5c1a94d174072509a20bce
                                                                                                                                                                    • Instruction Fuzzy Hash: 451170B5A00159AFDF01BFA59C419FFBB7DEF44349F00847AE112721E2DB391A01DA68
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E0040D5A3(void* __ecx) {
                                                                                                                                                                    				signed int _t118;
                                                                                                                                                                    				signed int _t129;
                                                                                                                                                                    				signed int* _t130;
                                                                                                                                                                    				signed int _t150;
                                                                                                                                                                    				signed int _t151;
                                                                                                                                                                    				signed int _t160;
                                                                                                                                                                    				intOrPtr _t162;
                                                                                                                                                                    				signed int* _t180;
                                                                                                                                                                    				signed int _t181;
                                                                                                                                                                    				signed int _t190;
                                                                                                                                                                    				signed int _t191;
                                                                                                                                                                    				signed int _t192;
                                                                                                                                                                    				signed int _t195;
                                                                                                                                                                    				signed int _t196;
                                                                                                                                                                    				intOrPtr _t198;
                                                                                                                                                                    				void* _t200;
                                                                                                                                                                    				signed int* _t202;
                                                                                                                                                                    				void* _t203;
                                                                                                                                                                    
                                                                                                                                                                    				E00413724(E0041A404, _t203);
                                                                                                                                                                    				_t200 = __ecx;
                                                                                                                                                                    				if( *((intOrPtr*)(__ecx + 8)) > 0x20 ||  *((intOrPtr*)(__ecx + 0x1c)) > 0x20) {
                                                                                                                                                                    					L31:
                                                                                                                                                                    					_t118 = 0;
                                                                                                                                                                    				} else {
                                                                                                                                                                    					E00403291(_t203 - 0x28, 1);
                                                                                                                                                                    					 *((intOrPtr*)(_t203 - 0x28)) = 0x41b754;
                                                                                                                                                                    					_t150 = 0;
                                                                                                                                                                    					 *(_t203 - 4) = 0;
                                                                                                                                                                    					E0040D7D0(_t203 - 0x28,  *((intOrPtr*)(__ecx + 0x30)) +  *((intOrPtr*)(__ecx + 0x1c)));
                                                                                                                                                                    					_t190 = 0;
                                                                                                                                                                    					if( *((intOrPtr*)(_t200 + 0x1c)) <= 0) {
                                                                                                                                                                    						L5:
                                                                                                                                                                    						_t191 = 0;
                                                                                                                                                                    						if( *((intOrPtr*)(_t200 + 0x30)) <= _t150) {
                                                                                                                                                                    							L8:
                                                                                                                                                                    							E0040D7D0(_t203 - 0x28,  *((intOrPtr*)(_t200 + 0x44)));
                                                                                                                                                                    							_t192 = 0;
                                                                                                                                                                    							if( *((intOrPtr*)(_t200 + 0x1c)) <= _t150) {
                                                                                                                                                                    								L11:
                                                                                                                                                                    								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
                                                                                                                                                                    								E00404320(_t203 - 0x28);
                                                                                                                                                                    								_t160 = 0x20;
                                                                                                                                                                    								memset(_t203 - 0xd0, 0, _t160 << 2);
                                                                                                                                                                    								_t162 = 4;
                                                                                                                                                                    								 *(_t203 - 0x38) = _t150;
                                                                                                                                                                    								 *(_t203 - 0x34) = _t150;
                                                                                                                                                                    								 *(_t203 - 0x30) = _t150;
                                                                                                                                                                    								 *((intOrPtr*)(_t203 - 0x2c)) = 0;
                                                                                                                                                                    								 *((intOrPtr*)(_t203 - 0x3c)) = 0x41b380;
                                                                                                                                                                    								 *(_t203 - 4) = 1;
                                                                                                                                                                    								 *(_t203 - 0x4c) = _t150;
                                                                                                                                                                    								 *(_t203 - 0x48) = _t150;
                                                                                                                                                                    								 *(_t203 - 0x44) = _t150;
                                                                                                                                                                    								 *((intOrPtr*)(_t203 - 0x40)) = _t162;
                                                                                                                                                                    								 *((intOrPtr*)(_t203 - 0x50)) = 0x41b380;
                                                                                                                                                                    								 *(_t203 - 4) = 2;
                                                                                                                                                                    								 *(_t203 - 0x10) = _t150;
                                                                                                                                                                    								if( *((intOrPtr*)(_t200 + 8)) > _t150) {
                                                                                                                                                                    									do {
                                                                                                                                                                    										 *(_t203 - 0x14) = _t150;
                                                                                                                                                                    										_t198 =  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xc)) +  *(_t203 - 0x10) * 4));
                                                                                                                                                                    										if( *((intOrPtr*)(_t198 + 0x14)) > _t150) {
                                                                                                                                                                    											do {
                                                                                                                                                                    												E0040A528(_t203 - 0x3c,  *(_t203 - 0x10));
                                                                                                                                                                    												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
                                                                                                                                                                    											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x14)));
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t203 - 0x14) = _t150;
                                                                                                                                                                    										if( *((intOrPtr*)(_t198 + 0x18)) > _t150) {
                                                                                                                                                                    											do {
                                                                                                                                                                    												E0040A528(_t203 - 0x50,  *(_t203 - 0x10));
                                                                                                                                                                    												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
                                                                                                                                                                    											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x18)));
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
                                                                                                                                                                    									} while ( *(_t203 - 0x10) <  *((intOrPtr*)(_t200 + 8)));
                                                                                                                                                                    								}
                                                                                                                                                                    								_t195 = 0;
                                                                                                                                                                    								if( *((intOrPtr*)(_t200 + 0x1c)) > _t150) {
                                                                                                                                                                    									do {
                                                                                                                                                                    										_t151 = 1;
                                                                                                                                                                    										 *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) =  *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) | _t151 <<  *( *(_t203 - 0x44) + ( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8)[1] * 4);
                                                                                                                                                                    										_t195 = _t195 + 1;
                                                                                                                                                                    									} while (_t195 <  *((intOrPtr*)(_t200 + 0x1c)));
                                                                                                                                                                    									_t150 = 0;
                                                                                                                                                                    								}
                                                                                                                                                                    								 *(_t203 - 4) = 1;
                                                                                                                                                                    								E00404320(_t203 - 0x50);
                                                                                                                                                                    								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
                                                                                                                                                                    								E00404320(_t203 - 0x3c);
                                                                                                                                                                    								_t180 = _t203 - 0xd0;
                                                                                                                                                                    								 *(_t203 - 0x14) = 0x20;
                                                                                                                                                                    								do {
                                                                                                                                                                    									 *(_t203 - 0x10) = _t150;
                                                                                                                                                                    									_t202 = _t203 - 0xd0;
                                                                                                                                                                    									do {
                                                                                                                                                                    										_t129 =  *_t180;
                                                                                                                                                                    										_t196 = 1;
                                                                                                                                                                    										if((_t129 & _t196 <<  *(_t203 - 0x10)) != 0) {
                                                                                                                                                                    											 *_t180 = _t129 |  *_t202;
                                                                                                                                                                    										}
                                                                                                                                                                    										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
                                                                                                                                                                    										_t202 =  &(_t202[1]);
                                                                                                                                                                    									} while ( *(_t203 - 0x10) < 0x20);
                                                                                                                                                                    									_t180 =  &(_t180[1]);
                                                                                                                                                                    									_t106 = _t203 - 0x14;
                                                                                                                                                                    									 *_t106 =  *(_t203 - 0x14) - 1;
                                                                                                                                                                    								} while ( *_t106 != 0);
                                                                                                                                                                    								_t130 = _t203 - 0xd0;
                                                                                                                                                                    								while(1) {
                                                                                                                                                                    									_t181 = 1;
                                                                                                                                                                    									if(( *_t130 & _t181 << _t150) != 0) {
                                                                                                                                                                    										goto L31;
                                                                                                                                                                    									}
                                                                                                                                                                    									_t150 = _t150 + 1;
                                                                                                                                                                    									_t130 =  &(_t130[1]);
                                                                                                                                                                    									if(_t150 < 0x20) {
                                                                                                                                                                    										continue;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										_t118 = 1;
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L32;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L31;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								while(E0040D7F6(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + 4 + _t192 * 8))) == 0) {
                                                                                                                                                                    									_t192 = _t192 + 1;
                                                                                                                                                                    									if(_t192 <  *((intOrPtr*)(_t200 + 0x1c))) {
                                                                                                                                                                    										continue;
                                                                                                                                                                    									} else {
                                                                                                                                                                    										goto L11;
                                                                                                                                                                    									}
                                                                                                                                                                    									goto L32;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L30;
                                                                                                                                                                    							}
                                                                                                                                                                    						} else {
                                                                                                                                                                    							while(E0040D7F6(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x34)) + _t191 * 4))) == 0) {
                                                                                                                                                                    								_t191 = _t191 + 1;
                                                                                                                                                                    								if(_t191 <  *((intOrPtr*)(_t200 + 0x30))) {
                                                                                                                                                                    									continue;
                                                                                                                                                                    								} else {
                                                                                                                                                                    									goto L8;
                                                                                                                                                                    								}
                                                                                                                                                                    								goto L32;
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L30;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						while(E0040D7F6(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + _t190 * 8))) == 0) {
                                                                                                                                                                    							_t190 = _t190 + 1;
                                                                                                                                                                    							if(_t190 <  *((intOrPtr*)(_t200 + 0x1c))) {
                                                                                                                                                                    								continue;
                                                                                                                                                                    							} else {
                                                                                                                                                                    								goto L5;
                                                                                                                                                                    							}
                                                                                                                                                                    							goto L32;
                                                                                                                                                                    						}
                                                                                                                                                                    						L30:
                                                                                                                                                                    						 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
                                                                                                                                                                    						E00404320(_t203 - 0x28);
                                                                                                                                                                    						goto L31;
                                                                                                                                                                    					}
                                                                                                                                                                    				}
                                                                                                                                                                    				L32:
                                                                                                                                                                    				 *[fs:0x0] =  *((intOrPtr*)(_t203 - 0xc));
                                                                                                                                                                    				return _t118;
                                                                                                                                                                    			}





















                                                                                                                                                                    0x0040d6a4
                                                                                                                                                                    0x0040d6a7
                                                                                                                                                                    0x0040d6aa
                                                                                                                                                                    0x0040d6ad
                                                                                                                                                                    0x0040d6b3
                                                                                                                                                                    0x0040d6b7
                                                                                                                                                                    0x0040d6ba
                                                                                                                                                                    0x0040d6bc
                                                                                                                                                                    0x0040d6c2
                                                                                                                                                                    0x0040d6c5
                                                                                                                                                                    0x0040d6cb
                                                                                                                                                                    0x0040d6cd
                                                                                                                                                                    0x0040d6d3
                                                                                                                                                                    0x0040d6d8
                                                                                                                                                                    0x0040d6de
                                                                                                                                                                    0x0040d6cd
                                                                                                                                                                    0x0040d6e6
                                                                                                                                                                    0x0040d6e9
                                                                                                                                                                    0x0040d6eb
                                                                                                                                                                    0x0040d6f1
                                                                                                                                                                    0x0040d6f6
                                                                                                                                                                    0x0040d6fc
                                                                                                                                                                    0x0040d6eb
                                                                                                                                                                    0x0040d701
                                                                                                                                                                    0x0040d707
                                                                                                                                                                    0x0040d6bc
                                                                                                                                                                    0x0040d70c
                                                                                                                                                                    0x0040d711
                                                                                                                                                                    0x0040d713
                                                                                                                                                                    0x0040d721
                                                                                                                                                                    0x0040d737
                                                                                                                                                                    0x0040d739
                                                                                                                                                                    0x0040d73a
                                                                                                                                                                    0x0040d73f
                                                                                                                                                                    0x0040d73f
                                                                                                                                                                    0x0040d744
                                                                                                                                                                    0x0040d748
                                                                                                                                                                    0x0040d74d
                                                                                                                                                                    0x0040d754
                                                                                                                                                                    0x0040d759
                                                                                                                                                                    0x0040d75f
                                                                                                                                                                    0x0040d766
                                                                                                                                                                    0x0040d766
                                                                                                                                                                    0x0040d769
                                                                                                                                                                    0x0040d76f
                                                                                                                                                                    0x0040d772
                                                                                                                                                                    0x0040d776
                                                                                                                                                                    0x0040d77b
                                                                                                                                                                    0x0040d77f
                                                                                                                                                                    0x0040d77f
                                                                                                                                                                    0x0040d781
                                                                                                                                                                    0x0040d784
                                                                                                                                                                    0x0040d787
                                                                                                                                                                    0x0040d78d
                                                                                                                                                                    0x0040d790
                                                                                                                                                                    0x0040d790
                                                                                                                                                                    0x0040d790
                                                                                                                                                                    0x0040d795
                                                                                                                                                                    0x0040d79b
                                                                                                                                                                    0x0040d79f
                                                                                                                                                                    0x0040d7a4
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d7a6
                                                                                                                                                                    0x0040d7a7
                                                                                                                                                                    0x0040d7ad
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d7af
                                                                                                                                                                    0x0040d7af
                                                                                                                                                                    0x0040d7af
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d7ad
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d64d
                                                                                                                                                                    0x0040d64d
                                                                                                                                                                    0x0040d664
                                                                                                                                                                    0x0040d668
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d668
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d64d
                                                                                                                                                                    0x0040d61f
                                                                                                                                                                    0x0040d61f
                                                                                                                                                                    0x0040d635
                                                                                                                                                                    0x0040d639
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d639
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d61f
                                                                                                                                                                    0x0040d5fc
                                                                                                                                                                    0x0040d5fc
                                                                                                                                                                    0x0040d612
                                                                                                                                                                    0x0040d616
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d616
                                                                                                                                                                    0x0040d7b3
                                                                                                                                                                    0x0040d7b3
                                                                                                                                                                    0x0040d7ba
                                                                                                                                                                    0x00000000
                                                                                                                                                                    0x0040d7ba
                                                                                                                                                                    0x0040d5fa
                                                                                                                                                                    0x0040d7c1
                                                                                                                                                                    0x0040d7c7
                                                                                                                                                                    0x0040d7cf

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                    • String ID: $
                                                                                                                                                                    • API String ID: 3519838083-227171996
                                                                                                                                                                    • Opcode ID: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
                                                                                                                                                                    • Instruction ID: 116f94ee193b6a60a58d4aec76a07daa8eefdeb27c95ac76265691768f75313a
                                                                                                                                                                    • Opcode Fuzzy Hash: 74feb26567ea79c8fd9d5f3f589634721b0a9a4a518abdc39c0b6b7ccedab932
                                                                                                                                                                    • Instruction Fuzzy Hash: CB712431D0020A9FCB24DF99D981AAEB7B1FF48314F20467ED416B7691D734AA8ACF54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                                    			E00417E5D(void* __ebx, void* __edi) {
                                                                                                                                                                    				char _v17;
                                                                                                                                                                    				signed char _v18;
                                                                                                                                                                    				struct _cpinfo _v24;
                                                                                                                                                                    				char _v280;
                                                                                                                                                                    				char _v536;
                                                                                                                                                                    				char _v792;
                                                                                                                                                                    				char _v1304;
                                                                                                                                                                    				void* _t43;
                                                                                                                                                                    				char _t44;
                                                                                                                                                                    				signed char _t45;
                                                                                                                                                                    				void* _t55;
                                                                                                                                                                    				signed int _t56;
                                                                                                                                                                    				signed char _t64;
                                                                                                                                                                    				intOrPtr* _t66;
                                                                                                                                                                    				signed int _t68;
                                                                                                                                                                    				signed int _t70;
                                                                                                                                                                    				signed int _t71;
                                                                                                                                                                    				signed char _t76;
                                                                                                                                                                    				signed char _t77;
                                                                                                                                                                    				signed char* _t78;
                                                                                                                                                                    				void* _t81;
                                                                                                                                                                    				void* _t87;
                                                                                                                                                                    				void* _t88;
                                                                                                                                                                    
                                                                                                                                                                    				if(GetCPInfo( *0x4256e8,  &_v24) == 1) {
                                                                                                                                                                    					_t44 = 0;
                                                                                                                                                                    					do {
                                                                                                                                                                    						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
                                                                                                                                                                    						_t44 = _t44 + 1;
                                                                                                                                                                    					} while (_t44 < 0x100);
                                                                                                                                                                    					_t45 = _v18;
                                                                                                                                                                    					_v280 = 0x20;
                                                                                                                                                                    					if(_t45 == 0) {
                                                                                                                                                                    						L9:
                                                                                                                                                                    						E0041883C(1,  &_v280, 0x100,  &_v1304,  *0x4256e8,  *0x425904, 0);
                                                                                                                                                                    						E004185ED( *0x425904, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0x4256e8, 0);
                                                                                                                                                                    						E004185ED( *0x425904, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0x4256e8, 0);
                                                                                                                                                                    						_t55 = 0;
                                                                                                                                                                    						_t66 =  &_v1304;
                                                                                                                                                                    						do {
                                                                                                                                                                    							_t76 =  *_t66;
                                                                                                                                                                    							if((_t76 & 0x00000001) == 0) {
                                                                                                                                                                    								if((_t76 & 0x00000002) == 0) {
                                                                                                                                                                    									 *(_t55 + 0x425700) =  *(_t55 + 0x425700) & 0x00000000;
                                                                                                                                                                    									goto L16;
                                                                                                                                                                    								}
                                                                                                                                                                    								 *(_t55 + 0x425801) =  *(_t55 + 0x425801) | 0x00000020;
                                                                                                                                                                    								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
                                                                                                                                                                    								L12:
                                                                                                                                                                    								 *(_t55 + 0x425700) = _t77;
                                                                                                                                                                    								goto L16;
                                                                                                                                                                    							}
                                                                                                                                                                    							 *(_t55 + 0x425801) =  *(_t55 + 0x425801) | 0x00000010;
                                                                                                                                                                    							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
                                                                                                                                                                    							goto L12;
                                                                                                                                                                    							L16:
                                                                                                                                                                    							_t55 = _t55 + 1;
                                                                                                                                                                    							_t66 = _t66 + 2;
                                                                                                                                                                    						} while (_t55 < 0x100);
                                                                                                                                                                    						return _t55;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t78 =  &_v17;
                                                                                                                                                                    					do {
                                                                                                                                                                    						_t68 =  *_t78 & 0x000000ff;
                                                                                                                                                                    						_t56 = _t45 & 0x000000ff;
                                                                                                                                                                    						if(_t56 <= _t68) {
                                                                                                                                                                    							_t81 = _t87 + _t56 - 0x114;
                                                                                                                                                                    							_t70 = _t68 - _t56 + 1;
                                                                                                                                                                    							_t71 = _t70 >> 2;
                                                                                                                                                                    							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
                                                                                                                                                                    							_t88 = _t88 + 0x18;
                                                                                                                                                                    						}
                                                                                                                                                                    						_t78 =  &(_t78[2]);
                                                                                                                                                                    						_t45 =  *((intOrPtr*)(_t78 - 1));
                                                                                                                                                                    					} while (_t45 != 0);
                                                                                                                                                                    					goto L9;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t43 = 0;
                                                                                                                                                                    				do {
                                                                                                                                                                    					if(_t43 < 0x41 || _t43 > 0x5a) {
                                                                                                                                                                    						if(_t43 < 0x61 || _t43 > 0x7a) {
                                                                                                                                                                    							 *(_t43 + 0x425700) =  *(_t43 + 0x425700) & 0x00000000;
                                                                                                                                                                    						} else {
                                                                                                                                                                    							 *(_t43 + 0x425801) =  *(_t43 + 0x425801) | 0x00000020;
                                                                                                                                                                    							_t64 = _t43 - 0x20;
                                                                                                                                                                    							goto L22;
                                                                                                                                                                    						}
                                                                                                                                                                    					} else {
                                                                                                                                                                    						 *(_t43 + 0x425801) =  *(_t43 + 0x425801) | 0x00000010;
                                                                                                                                                                    						_t64 = _t43 + 0x20;
                                                                                                                                                                    						L22:
                                                                                                                                                                    						 *(_t43 + 0x425700) = _t64;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t43 = _t43 + 1;
                                                                                                                                                                    				} while (_t43 < 0x100);
                                                                                                                                                                    				return _t43;
                                                                                                                                                                    			}



























                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCPInfo.KERNEL32(?,00000000), ref: 00417E71
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Info
                                                                                                                                                                    • String ID: $
                                                                                                                                                                    • API String ID: 1807457897-3032137957
                                                                                                                                                                    • Opcode ID: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
                                                                                                                                                                    • Instruction ID: 669041dcfce0968cbe3c51124f50cac4b21f3f9a56807733dc4743f672ff05a2
                                                                                                                                                                    • Opcode Fuzzy Hash: be8999de8ad5c30073bbd0379d60ad0f54c653f5d04d814f41e486670cb2e0db
                                                                                                                                                                    • Instruction Fuzzy Hash: 65417C312482585AEB219714CC49FFB7FF9DB02714F5404E6D149C7153C2794AC6C7BA
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E00415ECA() {
                                                                                                                                                                    				signed int _t15;
                                                                                                                                                                    				void* _t17;
                                                                                                                                                                    				void* _t19;
                                                                                                                                                                    				void* _t25;
                                                                                                                                                                    				signed int _t26;
                                                                                                                                                                    				void* _t27;
                                                                                                                                                                    				intOrPtr* _t29;
                                                                                                                                                                    
                                                                                                                                                                    				_t15 =  *0x425a48; // 0x0
                                                                                                                                                                    				_t26 =  *0x425a38; // 0x0
                                                                                                                                                                    				if(_t15 != _t26) {
                                                                                                                                                                    					L3:
                                                                                                                                                                    					_t27 =  *0x425a4c; // 0x0
                                                                                                                                                                    					_t29 = _t27 + (_t15 + _t15 * 4) * 4;
                                                                                                                                                                    					_t17 = HeapAlloc( *0x425a54, 8, 0x41c4);
                                                                                                                                                                    					 *(_t29 + 0x10) = _t17;
                                                                                                                                                                    					if(_t17 == 0) {
                                                                                                                                                                    						L6:
                                                                                                                                                                    						return 0;
                                                                                                                                                                    					}
                                                                                                                                                                    					_t19 = VirtualAlloc(0, 0x100000, 0x2000, 4);
                                                                                                                                                                    					 *(_t29 + 0xc) = _t19;
                                                                                                                                                                    					if(_t19 != 0) {
                                                                                                                                                                    						 *(_t29 + 8) =  *(_t29 + 8) | 0xffffffff;
                                                                                                                                                                    						 *_t29 = 0;
                                                                                                                                                                    						 *((intOrPtr*)(_t29 + 4)) = 0;
                                                                                                                                                                    						 *0x425a48 =  *0x425a48 + 1;
                                                                                                                                                                    						 *( *(_t29 + 0x10)) =  *( *(_t29 + 0x10)) | 0xffffffff;
                                                                                                                                                                    						return _t29;
                                                                                                                                                                    					}
                                                                                                                                                                    					HeapFree( *0x425a54, 0,  *(_t29 + 0x10));
                                                                                                                                                                    					goto L6;
                                                                                                                                                                    				}
                                                                                                                                                                    				_t2 = _t26 * 4; // 0x50
                                                                                                                                                                    				_t25 = HeapReAlloc( *0x425a54, 0,  *0x425a4c, _t26 + _t2 + 0x50 << 2);
                                                                                                                                                                    				if(_t25 == 0) {
                                                                                                                                                                    					goto L6;
                                                                                                                                                                    				}
                                                                                                                                                                    				 *0x425a38 =  *0x425a38 + 0x10;
                                                                                                                                                                    				 *0x425a4c = _t25;
                                                                                                                                                                    				_t15 =  *0x425a48; // 0x0
                                                                                                                                                                    				goto L3;
                                                                                                                                                                    			}











                                                                                                                                                                    APIs
                                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415EF2
                                                                                                                                                                    • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00415C92,00000000,00000000,00000000,00413CC1,00000000,00000000,?,00000000,00000000,00000000), ref: 00415F26
                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00415F40
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?), ref: 00415F57
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3499195154-0
                                                                                                                                                                    • Opcode ID: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
                                                                                                                                                                    • Instruction ID: 8f6381cf99308f7e34b2c2e49534b1224184cafd179dea44f4322364d011a6a4
                                                                                                                                                                    • Opcode Fuzzy Hash: 712f9e2f9eec85a92a3a672498402ffd9fd7e765c5a6c8233a1a124cbc29739c
                                                                                                                                                                    • Instruction Fuzzy Hash: A6114C31300A01EFC7308F59EC86DA6BBB5FB85760791462AF156D69B0D3719887CF58
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                                    			E004154B1(void* __eax) {
                                                                                                                                                                    				void* _t1;
                                                                                                                                                                    
                                                                                                                                                                    				_t1 = __eax;
                                                                                                                                                                    				InitializeCriticalSection( *0x4207ac);
                                                                                                                                                                    				InitializeCriticalSection( *0x42079c);
                                                                                                                                                                    				InitializeCriticalSection( *0x42078c);
                                                                                                                                                                    				InitializeCriticalSection( *0x42076c);
                                                                                                                                                                    				return _t1;
                                                                                                                                                                    			}





                                                                                                                                                                    APIs
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154BE
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154C6
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154CE
                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,00415292,?,00414944), ref: 004154D6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.579402740.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                    • Associated: 00000000.00000002.579361526.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579504025.000000000041B000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579527997.0000000000420000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579564503.0000000000422000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579586082.0000000000423000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000000.00000002.579657432.0000000000427000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_BitTorrent.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalInitializeSection
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 32694325-0
                                                                                                                                                                    • Opcode ID: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
                                                                                                                                                                    • Instruction ID: a8e831e61b8b61633fe4a4176da74b0e9d16ee726bcd83620c475df078586321
                                                                                                                                                                    • Opcode Fuzzy Hash: ec7037d00a0fc94f488d53f3a91d2e26ae03bdd42e29aafad6c46e686e3ec5a2
                                                                                                                                                                    • Instruction Fuzzy Hash: 0AC00231A11138ABCF312B55FC048463FA6EB852A03518072A1045203186612C12EFD8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:15.6%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                    Signature Coverage:12.3%
                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                    Total number of Limit Nodes:83

                                                                                                                                                                    Graph

2e9790 29 API calls 59920->59921 59922 2e56e8 59921->59922 59923 2e9790 29 API calls 59922->59923 59924 2e571b 59923->59924 59925 2e9790 29 API calls 59924->59925 59926 2e574d 59925->59926 59927 2e9790 29 API calls 59926->59927 59928 2e577f 59927->59928 59929 2e9790 29 API calls 59928->59929 59930 2e57b2 59929->59930 59931 2e9790 29 API calls 59930->59931 59932 2e57e5 59931->59932 59933 2e9790 29 API calls 59932->59933 59934 2e5817 59933->59934 59935 2e9790 29 API calls 59934->59935 59936 2e583d 59935->59936 59937 2e8300 29 API calls 59936->59937 59938 2e584e 59937->59938 59939 2e8300 29 API calls 59938->59939 59940 2e585f 59939->59940 59941 2e6800 97 API calls 59940->59941 59942 2e5889 59941->59942 59943 2e6800 97 API calls 59942->59943 59944 2e58b5 59943->59944 59945 2e6800 97 API calls 59944->59945 59946 2e58e1 59945->59946 59947 2e6800 97 API calls 59946->59947 59948 2e5904 59947->59948 59949 2ebdf0 29 API calls 59948->59949 59950 2e5916 59949->59950 59951 2ebdf0 29 API calls 59950->59951 59952 2e5925 59951->59952 59953 2ebdf0 29 API calls 59952->59953 59954 2e5937 59953->59954 59955 2e594f 59954->59955 60565 2ea700 26 API calls collate 59954->60565 59957 2e597e 59955->59957 60566 2ea700 26 API calls collate 59955->60566 59959 2e59b3 59957->59959 60567 2ea700 26 API calls collate 59957->60567 59961 2e59ee 59959->59961 60568 2ea700 26 API calls collate 59959->60568 59963 2e5a29 59961->59963 60569 2ea700 26 API calls collate 59961->60569 59965 2e5a64 59963->59965 60570 2ea700 26 API calls collate 59963->60570 59967 2e5a96 59965->59967 60571 2ea700 26 API calls collate 59965->60571 59969 2e5abf 59967->59969 60572 2ea700 26 API calls collate 59967->60572 59971 2e5ae8 59969->59971 60573 2ea700 26 API calls collate 59969->60573 59973 2e8240 26 API calls 59971->59973 59974 2e5b07 59973->59974 59975 2e8240 26 API calls 59974->59975 59976 2e5b12 59975->59976 59977 2e8240 26 API calls 59976->59977 59978 2e5b1d 59977->59978 59979 2e8240 26 API calls 59978->59979 59980 
2e5b28 59979->59980 59981 2e8240 26 API calls 59980->59981 59982 2e5b33 59981->59982 59983 2e8240 26 API calls 59982->59983 59984 2e5b3e 59983->59984 59985 2e8240 26 API calls 59984->59985 59986 2e5b49 59985->59986 59987 2e8240 26 API calls 59986->59987 59988 2e5b54 59987->59988 59989 2e8240 26 API calls 59988->59989 59990 2e5b5f 59989->59990 59991 2e8240 26 API calls 59990->59991 59992 2e5b6a 59991->59992 59993 2e8240 26 API calls 59992->59993 59994 2e5b75 59993->59994 59995 2e8240 26 API calls 59994->59995 59996 2e5b80 59995->59996 59997 2e8240 26 API calls 59996->59997 59998 2e40e3 59997->59998 59999 2e4d40 59998->59999 60000 2e9790 29 API calls 59999->60000 60001 2e4da6 60000->60001 60002 2e9790 29 API calls 60001->60002 60003 2e4ddb 60002->60003 60004 2e9790 29 API calls 60003->60004 60005 2e4e0e 60004->60005 60006 2e9790 29 API calls 60005->60006 60007 2e4e41 60006->60007 60008 2e9790 29 API calls 60007->60008 60009 2e4e73 60008->60009 60010 2e9790 29 API calls 60009->60010 60011 2e4ea5 60010->60011 60012 2e9790 29 API calls 60011->60012 60446 2e68cc 60445->60446 60447 2e6888 60445->60447 60518 2e3680 60446->60518 60449 2e9790 29 API calls 60447->60449 60450 2e68b4 60449->60450 60453 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 60450->60453 60451 2e68f0 60523 2e3730 60451->60523 60455 2e6757 60453->60455 60454 2e6938 60456 2e697a CoSetProxyBlanket 60454->60456 60457 2e6941 60454->60457 60455->59768 60514 2ea700 26 API calls collate 60455->60514 60456->60457 60459 2e6995 60456->60459 60458 2e8300 29 API calls 60457->60458 60458->60450 60460 2e69bf 60459->60460 60461 2e69e1 60459->60461 60463 2ebb00 29 API calls 60460->60463 60462 2ebb00 29 API calls 60461->60462 60465 2e69ec 60462->60465 60464 2e69ca 60463->60464 60466 2e8280 26 API calls 60464->60466 60467 2ebc60 29 API calls 60465->60467 60468 2e69d6 60466->60468 60469 2e6a02 60467->60469 60471 2e8240 26 API calls 60468->60471 60470 2ebda0 29 API calls 60469->60470 60472 2e6a1c 60470->60472 60473 
2e6a8c 60471->60473 60474 2ebc60 29 API calls 60472->60474 60475 2e3680 30 API calls 60473->60475 60476 2e6a35 60474->60476 60477 2e6ab7 60475->60477 60478 2ebda0 29 API calls 60476->60478 60528 2e35e0 60477->60528 60480 2e6a4c 60478->60480 60481 2e8280 26 API calls 60480->60481 60482 2e6a58 60481->60482 60483 2e8240 26 API calls 60482->60483 60484 2e6a63 60483->60484 60486 2e8240 26 API calls 60484->60486 60485 2e6ac6 60490 2e3730 2 API calls 60485->60490 60487 2e6a6e 60486->60487 60488 2e8240 26 API calls 60487->60488 60489 2e6a79 60488->60489 60491 2e8240 26 API calls 60489->60491 60492 2e6b08 60490->60492 60491->60468 60493 2e3730 2 API calls 60492->60493 60494 2e6b17 60493->60494 60495 2e6b1b 60494->60495 60496 2e6b45 60494->60496 60497 2e8300 29 API calls 60495->60497 60501 2e6bfa 60496->60501 60533 2ee1d0 60496->60533 60498 2e6b27 60497->60498 60499 2e8240 26 API calls 60498->60499 60499->60450 60502 2e8240 26 API calls 60501->60502 60502->60450 60504 2e6c2a 60506 2e6bf2 60504->60506 60537 2e81f0 29 API calls 60504->60537 60505 2e6bc3 60505->60506 60507 2e3340 29 API calls 60505->60507 60508 2e34d0 87 API calls 60506->60508 60510 2e6bde 60507->60510 60508->60501 60511 2e8280 26 API calls 60510->60511 60512 2e6be7 60511->60512 60513 2e8240 26 API calls 60512->60513 60513->60506 60514->59768 60515->59770 60516->59771 60517->59774 60519 3727c3 new 29 API calls 60518->60519 60520 2e36ae 60519->60520 60521 2e36c1 SysAllocString 60520->60521 60522 2e36ec _com_issue_error 60520->60522 60521->60522 60522->60451 60524 2e373a InterlockedDecrement 60523->60524 60525 2e375f std::ios_base::_Ios_base_dtor 60523->60525 60524->60525 60526 2e3748 60524->60526 60525->60454 60526->60525 60527 2e3752 SysFreeString 60526->60527 60527->60525 60529 3727c3 new 29 API calls 60528->60529 60530 2e360e 60529->60530 60532 2e3647 _com_issue_error 60530->60532 60538 36dcc0 10 API calls 4 library calls 60530->60538 60532->60485 60534 2ee207 60533->60534 60535 2ee8f0 5 API calls 
60534->60535 60536 2e6b95 60535->60536 60536->60504 60536->60505 60537->60506 60538->60532 60539->59799 60540->59801 60541->59803 60542->59805 60543->59807 60544->59810 60545->59812 60546->59811 60547->59815 60548->59817 60549->59842 60550->59844 60551->59846 60552->59848 60553->59850 60554->59852 60555->59854 60556->59855 60557->59858 60558->59860 60559->59872 60560->59874 60561->59876 60562->59880 60563->59894 60564->59896 60565->59955 60566->59957 60567->59959 60568->59961 60569->59963 60570->59965 60571->59967 60572->59969 60573->59971 60676 2ef440 60681 35c031 60676->60681 60679 35c398 __Getcvt 38 API calls 60680 2ef465 60679->60680 60682 3edbe4 __Toupper 38 API calls 60681->60682 60683 35c03a 60682->60683 60684 3edb00 __Getctype 20 API calls 60683->60684 60685 35c04b 60684->60685 60686 35c054 60685->60686 60687 35c072 60685->60687 60695 3edb5d 38 API calls __Toupper 60686->60695 60696 3edb5d 38 API calls __Toupper 60687->60696 60690 35c05b 60691 3edc32 __Toupper 38 API calls 60690->60691 60692 35c083 60691->60692 60693 2ef452 60692->60693 60697 3edb83 26 API calls 2 library calls 60692->60697 60693->60679 60695->60690 60696->60690 60697->60693 58619 300a90 58626 301da0 58619->58626 58621 300ae8 58625 300b2c 58621->58625 58629 301e30 58621->58629 58623 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 58624 300bbd 58623->58624 58625->58623 58627 3727c3 new 29 API calls 58626->58627 58628 301de1 58627->58628 58628->58621 58630 2e9890 29 API calls 58629->58630 58631 301e9e 58630->58631 58636 38b570 58631->58636 58637 3727c3 new 29 API calls 58636->58637 58638 38b5a1 58637->58638 58639 38b5c5 58638->58639 58733 388900 87 API calls 58638->58733 58644 38e6a0 58639->58644 58645 2e9890 29 API calls 58644->58645 58646 38e6f9 58645->58646 58647 38e7b9 58646->58647 58817 38ba70 29 API calls 58646->58817 58649 3775e0 37 API calls 58647->58649 58651 38e7c9 58649->58651 58650 38e713 58652 2e9890 29 API calls 58650->58652 58658 38e7eb 58651->58658 58821 2ea700 26 API 
calls collate 58651->58821 58654 38e73a 58652->58654 58653 38e82b 58656 2e9890 29 API calls 58653->58656 58663 38e753 58654->58663 58818 2ea700 26 API calls collate 58654->58818 58659 38e854 58656->58659 58658->58653 58822 2ea700 26 API calls collate 58658->58822 58734 374bc0 58659->58734 58662 38e78c 58662->58647 58820 2ea700 26 API calls collate 58662->58820 58663->58662 58819 2ea700 26 API calls collate 58663->58819 58733->58639 58841 374ad0 GetCurrentDirectoryW 58734->58841 58817->58650 58818->58663 58819->58662 58820->58647 58821->58658 58822->58653 58850 372ce7 58841->58850 59363 36ba9c 59364 36baa8 __EH_prolog3 59363->59364 59476 36a9dc 59364->59476 59478 36a9e8 __EH_prolog3_GS 59476->59478 59477 36aa79 59539 373738 59477->59539 59478->59477 59480 3727c3 new 29 API calls 59478->59480 59482 36aa05 59480->59482 59484 36aa4c 59482->59484 59542 36a181 87 API calls 2 library calls 59482->59542 59485 36aa68 59484->59485 59487 2e26a0 moneypunct 74 API calls 59484->59487 59485->59477 59544 2e9a20 87 API calls 2 library calls 59485->59544 59486 36aa1e 59489 2e25b0 moneypunct 75 API calls 59486->59489 59487->59485 59490 36aa3a 59489->59490 59543 36d5f2 38 API calls 2 library calls 59490->59543 59540 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 59539->59540 59541 373743 59540->59541 59541->59541 59542->59486 59543->59484 59544->59477 52936 30c8d0 53364 30aab0 52936->53364 52941 30ed26 52944 30ed44 52941->52944 54412 2ea700 26 API calls collate 52941->54412 52942 30c966 GetLastError 52942->52941 52943 30c977 52942->52943 53413 2e8300 52943->53413 53356 30e451 52944->53356 54413 2ea700 26 API calls collate 52944->54413 52947 30c980 53420 30a940 52947->53420 52951 30ed99 52954 30c9a8 52955 30c9d2 52954->52955 54159 2ea240 87 API calls collate 52954->54159 52956 30ca16 52955->52956 54160 2ea240 87 API calls collate 52955->54160 52959 30ca4f 52956->52959 54161 2ea700 26 API calls collate 52956->54161 52961 30ca85 52959->52961 54162 2ea700 26 API calls collate 
52959->54162 53448 311320 52961->53448 52964 30caac 53454 328ec0 52964->53454 52970 30caef 52971 30cb08 52970->52971 54163 2ea700 26 API calls collate 52970->54163 52973 2e9890 29 API calls 52971->52973 52974 30cb4e 52973->52974 53498 309290 52974->53498 52977 2e9890 29 API calls 52978 30cb9a 52977->52978 53509 308800 52978->53509 52984 30cbb8 53585 2e8440 52984->53585 52993 30cd35 53636 311f10 52993->53636 53010 2f09d0 87 API calls 53028 30cbda 53010->53028 53028->52993 53028->53010 53589 2f2ab0 53028->53589 53592 2f0dc0 53028->53592 53602 3156d0 53028->53602 53606 2f18f0 53028->53606 53616 37ab20 53028->53616 54165 37cd70 119 API calls 53028->54165 54414 3727a4 53356->54414 53365 311bb0 87 API calls 53364->53365 53366 30ab0b 53365->53366 53367 328ec0 89 API calls 53366->53367 53368 30ab1a 53367->53368 53369 378600 28 API calls 53368->53369 53370 30ab25 53369->53370 53371 2f4b90 29 API calls 53370->53371 53372 30ab33 53371->53372 53373 30ab54 53372->53373 54455 2ea700 26 API calls collate 53372->54455 53375 30ab8a 53373->53375 54456 2ea700 26 API calls collate 53373->54456 53377 377a70 29 API calls 53375->53377 53378 30abaa 53377->53378 53379 311320 29 API calls 53378->53379 53380 30abc9 53379->53380 53381 35bdd1 std::locale::_Init 45 API calls 53380->53381 53382 30abd4 53381->53382 53383 311c90 116 API calls 53382->53383 53384 30abf0 53383->53384 54421 2e9ab0 53384->54421 53386 30ac39 53387 3117b0 97 API calls 53386->53387 53388 30ac62 53387->53388 54437 3293d0 53388->54437 53390 30ac74 53391 30ac95 53390->53391 54457 2ea240 87 API calls collate 53390->54457 53393 30acc5 53391->53393 54458 2ea240 87 API calls collate 53391->54458 53395 30ace6 std::ios_base::_Ios_base_dtor 53393->53395 54459 315070 87 API calls collate 53393->54459 53396 30ad0e 53395->53396 54460 2ea240 87 API calls collate 53395->54460 53399 30ad35 53396->53399 54461 2ea240 87 API calls collate 53396->54461 53401 30ad5c 53399->53401 54462 2ea700 26 API calls collate 53399->54462 53403 3727a4 
UnDecorator::getTemplateArgumentList 5 API calls 53401->53403 53404 30ad97 53403->53404 53405 2ebb00 53404->53405 53406 2ebb58 53405->53406 53408 2ebba4 53406->53408 54495 2ea760 29 API calls std::invalid_argument::invalid_argument 53406->54495 54467 2ed7e0 53408->54467 53410 2ebbe8 54482 2ea8d0 53410->54482 53412 2ebbf6 CreateMutexW 53412->52941 53412->52942 53414 2e8321 53413->53414 53417 2e8333 53413->53417 54526 2e9790 53414->54526 53416 2e832c 53416->52947 53418 2e9790 29 API calls 53417->53418 53419 2e8359 53418->53419 53419->52947 54539 3c8630 53420->54539 53422 30a9a9 __cftof 54553 318e50 53422->54553 53425 30aa3c 54568 311ab0 29 API calls 53425->54568 53426 30aa5f 54563 30f4e0 53426->54563 53428 30aa7c 53431 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53428->53431 53432 30aa9d 53431->53432 53433 329500 53432->53433 53434 329553 WideCharToMultiByte 53433->53434 53435 32952e 53433->53435 53434->53435 53439 32957a 53434->53439 53436 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53435->53436 53437 32954f 53436->53437 53437->52954 54959 2f7c90 87 API calls 2 library calls 53439->54959 53441 32959b WideCharToMultiByte 53443 3295d3 collate 53441->53443 53444 3295eb 53443->53444 54960 2ea240 87 API calls collate 53443->54960 53446 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53444->53446 53447 3295fb 53446->53447 53447->52954 53449 31136e 53448->53449 53450 3727c3 new 29 API calls 53449->53450 53451 311385 53450->53451 53452 3727c3 new 29 API calls 53451->53452 53453 311395 53452->53453 53453->52964 54961 3d7830 53454->54961 53457 328f30 __cftof 54963 2ea290 87 API calls 53457->54963 53458 32909f 53459 2e9790 29 API calls 53458->53459 53460 3290e2 53459->53460 53463 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53460->53463 53462 328f88 54964 2eac10 53462->54964 53465 30cab8 53463->53465 53476 378600 53465->53476 53470 329010 54978 2e8590 87 API calls 53470->54978 53472 329022 53473 3d6a34 ___std_exception_copy 26 API 
calls 53472->53473 53474 32905f 53473->53474 54979 2ec130 87 API calls __CxxThrowException@8 53474->54979 53477 378608 53476->53477 53478 30cac3 53477->53478 55020 35bab5 28 API calls 2 library calls 53477->55020 53481 2e9890 53478->53481 53480 378638 53482 2e998c 53481->53482 53483 2e98a9 53481->53483 55022 35bab5 28 API calls 2 library calls 53482->55022 53485 2e98ea 53483->53485 53486 2e98b7 53483->53486 53487 2e98f6 53485->53487 53488 2e99a0 53485->53488 53489 2e9996 53486->53489 53490 2e98c3 53486->53490 53493 2eaff0 29 API calls 53487->53493 53497 2e9906 _Yarn 53487->53497 55024 35ba95 28 API calls 2 library calls 53488->55024 55023 35bab5 28 API calls 2 library calls 53489->55023 55021 2ea7e0 28 API calls 2 library calls 53490->55021 53493->53497 53494 2e99aa 53496 2e98e1 53496->52970 53497->52970 55025 3117f0 53498->55025 53501 3727c3 new 29 API calls 53502 30932d 53501->53502 53504 309376 53502->53504 55030 372a71 29 API calls __onexit 53502->55030 53505 30941f 53504->53505 55031 2ea700 26 API calls collate 53504->55031 53507 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53505->53507 53508 309437 53507->53508 53508->52977 53510 30885c 53509->53510 53511 2e9790 29 API calls 53510->53511 53512 30887e 53511->53512 53513 2e9890 29 API calls 53512->53513 53514 3088a5 53513->53514 55637 305820 53514->55637 53516 3088b5 53524 3088ca 53516->53524 55653 2ea700 26 API calls collate 53516->55653 53519 2e9890 29 API calls 53522 308a59 53519->53522 53520 30899b 53520->53519 53521 2e9890 29 API calls 53521->53524 53525 305820 96 API calls 53522->53525 53524->53520 53524->53521 53526 308800 221 API calls 53524->53526 55646 375e70 53524->55646 55650 305950 53524->55650 53527 308a69 53525->53527 53526->53524 53570 308a7e 53527->53570 55654 2ea700 26 API calls collate 53527->55654 53529 375e70 34 API calls 53529->53570 53530 308ef3 53532 308f0f MoveFileExW 53530->53532 53531 305950 101 API calls 53531->53570 53534 309124 53532->53534 53535 308f3b 53532->53535 
53533 308b2c MoveFileExW 53533->53570 53565 30912d 53534->53565 55659 2f34c0 32 API calls new 53534->55659 53564 308f44 53535->53564 55655 2f34c0 32 API calls new 53535->55655 53538 2f34c0 32 API calls 53538->53570 53539 30908f 53540 3090d9 53539->53540 55657 2ea700 26 API calls collate 53539->55657 53542 309102 53540->53542 55658 2ea700 26 API calls collate 53540->55658 53544 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53542->53544 53545 30911a 53544->53545 53572 30a840 53545->53572 53546 2f2ab0 143 API calls 53546->53564 53547 2f2ab0 143 API calls 53547->53565 53548 2f2ab0 143 API calls 53548->53570 53549 2f09d0 87 API calls 53549->53564 53550 2f0dc0 87 API calls 53550->53564 53551 2f0dc0 87 API calls 53551->53565 53552 2f0dc0 87 API calls 53552->53570 53553 2f09d0 87 API calls 53553->53570 53554 2f09d0 87 API calls 53554->53565 53555 3156f0 87 API calls 53555->53564 53556 3156f0 87 API calls 53556->53565 53557 2ef8f0 29 API calls 53557->53570 53558 2f3860 87 API calls 53558->53570 53559 2ea700 26 API calls 53559->53570 53560 2f18f0 87 API calls 53560->53564 53561 2f18f0 87 API calls 53561->53565 53564->53539 53564->53546 53564->53549 53564->53550 53564->53555 53564->53560 53566 37ab20 195 API calls 53564->53566 55656 37cd70 119 API calls 53564->55656 53565->53539 53565->53547 53565->53551 53565->53554 53565->53556 53565->53561 53567 37ab20 195 API calls 53565->53567 55660 37cd70 119 API calls 53565->55660 53566->53564 53567->53565 53568 2f18f0 87 API calls 53568->53570 53569 37cd70 119 API calls 53569->53570 53570->53529 53570->53530 53570->53531 53570->53533 53570->53538 53570->53548 53570->53552 53570->53553 53570->53557 53570->53558 53570->53559 53570->53568 53570->53569 53571 37ab20 195 API calls 53570->53571 53571->53570 53573 30a8b1 UuidCreate UuidToStringA 53572->53573 53575 30a91c 53573->53575 53576 30a8eb 53573->53576 53577 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53575->53577 53579 2e9ab0 collate 87 API calls 53576->53579 
53578 30a935 53577->53578 53581 30f770 53578->53581 53580 30a912 RpcStringFreeA 53579->53580 53580->53575 53582 30f79a 53581->53582 53583 30f7ab 53581->53583 53582->53583 55901 2ea240 87 API calls collate 53582->55901 53583->52984 53586 2e844b 53585->53586 53587 2e8454 53585->53587 55902 2ea240 87 API calls collate 53586->55902 53587->53028 54164 2f34c0 32 API calls new 53587->54164 55903 37c340 53589->55903 53593 2f0e05 53592->53593 53594 2f18f0 87 API calls 53593->53594 53596 2f0e37 53593->53596 53594->53596 53603 3156df 53602->53603 55923 2f2b70 53603->55923 53607 2f192b 53606->53607 53612 2f1995 53606->53612 55939 2f10a0 87 API calls 53607->55939 53609 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 53610 2f19cf 53609->53610 53610->53028 53612->53609 53613 2f1934 55941 37aa40 53616->55941 53637 311f5f 53636->53637 53638 2e9ab0 collate 87 API calls 53637->53638 54159->52955 54160->52956 54161->52959 54162->52961 54163->52971 54164->53028 54165->53028 54412->52944 54413->53356 54415 3727af IsProcessorFeaturePresent 54414->54415 54416 3727ad 54414->54416 54418 373006 54415->54418 54416->52951 58210 372fca SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 54418->58210 54420 3730e9 54420->52951 54422 2e9b15 54421->54422 54427 2e9abe 54421->54427 54423 2e9b1e 54422->54423 54424 2e9b9b 54422->54424 54430 2e9b2e _Yarn 54423->54430 54463 2eb1a0 87 API calls 4 library calls 54423->54463 54464 35ba95 28 API calls 2 library calls 54424->54464 54427->54422 54429 2e9ae4 54427->54429 54428 2e9ba5 54431 2e9aff 54429->54431 54432 2e9ae9 54429->54432 54430->53386 54434 2e9bb0 std::invalid_argument::invalid_argument 87 API calls 54431->54434 54433 2e9bb0 std::invalid_argument::invalid_argument 87 API calls 54432->54433 54435 2e9af9 54433->54435 54436 2e9b0f 54434->54436 54435->53386 54436->53386 54438 329421 MultiByteToWideChar 54437->54438 54439 3293fe 54437->54439 54443 329446 54438->54443 54444 329467 54438->54444 54440 3727a4 
UnDecorator::getTemplateArgumentList 5 API calls 54439->54440 54441 32941d 54440->54441 54441->53390 54445 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 54443->54445 54465 2f2960 32 API calls std::invalid_argument::invalid_argument 54444->54465 54447 329463 54445->54447 54447->53390 54448 329488 MultiByteToWideChar 54450 3294cf 54448->54450 54451 3294e7 54450->54451 54466 2ea700 26 API calls collate 54450->54466 54453 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 54451->54453 54454 3294f7 54453->54454 54454->53390 54455->53373 54456->53375 54457->53391 54458->53393 54459->53395 54460->53396 54461->53399 54462->53401 54463->54430 54464->54428 54465->54448 54466->54451 54468 2ed7ee 54467->54468 54469 2ed836 54467->54469 54468->54469 54478 2ed815 54468->54478 54470 2ed8ef 54469->54470 54471 2ed848 54469->54471 54509 35ba95 28 API calls 2 library calls 54470->54509 54473 2ed8f9 54471->54473 54474 2ed860 54471->54474 54480 2ed86e _Yarn 54471->54480 54510 35ba95 28 API calls 2 library calls 54473->54510 54474->54480 54496 2eaff0 54474->54496 54477 2ed903 54479 2ea8d0 29 API calls 54478->54479 54481 2ed830 54479->54481 54480->53410 54481->53410 54483 2ea9b9 54482->54483 54484 2ea8e9 54482->54484 54523 35bab5 28 API calls 2 library calls 54483->54523 54485 2ea905 54484->54485 54486 2ea9c3 54484->54486 54489 2ea91c 54485->54489 54490 2ea9cd 54485->54490 54494 2ea92a _Yarn 54485->54494 54524 35ba95 28 API calls 2 library calls 54486->54524 54493 2eaff0 29 API calls 54489->54493 54489->54494 54525 35ba95 28 API calls 2 library calls 54490->54525 54492 2ea9d7 54493->54494 54494->53412 54495->53408 54498 2eb030 54496->54498 54497 2eb079 54500 2eb0a2 54497->54500 54501 2eb082 54497->54501 54498->54497 54507 2eb069 _Yarn 54498->54507 54517 35ba78 28 API calls 3 library calls 54498->54517 54511 3727c3 54500->54511 54502 2eb08e 54501->54502 54518 35ba78 28 API calls 3 library calls 54501->54518 54506 3727c3 new 29 API calls 54502->54506 54506->54507 54508 2eb10f 
54507->54508 54519 2ea700 26 API calls collate 54507->54519 54508->54480 54509->54473 54510->54477 54516 3727c8 _Yarn 54511->54516 54512 3727f4 54512->54507 54516->54512 54520 3f04ed 7 API calls 2 library calls 54516->54520 54521 37390f IsProcessorFeaturePresent KiUserExceptionDispatcher Concurrency::cancel_current_task __CxxThrowException@8 54516->54521 54522 35ba78 28 API calls 3 library calls 54516->54522 54517->54497 54518->54502 54519->54508 54520->54516 54521->54516 54522->54516 54523->54486 54524->54490 54525->54492 54527 2e97e6 54526->54527 54533 2e979e 54526->54533 54528 2e987e 54527->54528 54529 2e97f6 54527->54529 54538 35ba95 28 API calls 2 library calls 54528->54538 54532 2eaff0 29 API calls 54529->54532 54534 2e9806 _Yarn 54529->54534 54531 2e9888 54532->54534 54533->54527 54535 2e97c5 54533->54535 54534->53416 54536 2e9890 29 API calls 54535->54536 54537 2e97e0 54536->54537 54537->53416 54538->54531 54540 3c8679 54539->54540 54541 3c86ca 54539->54541 54543 3727c3 new 29 API calls 54540->54543 54542 3727c3 new 29 API calls 54541->54542 54547 3c86cf 54542->54547 54544 3c867e 54543->54544 54545 3c8695 54544->54545 54569 3c39d0 54544->54569 54584 3c36d0 29 API calls 54545->54584 54585 3c36d0 29 API calls 54547->54585 54550 3c86b5 54577 3c7570 54550->54577 54554 318e88 __cftof 54553->54554 54562 318e96 std::ios_base::_Ios_base_dtor 54554->54562 54956 31c3b0 87 API calls 54554->54956 54555 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 54556 30aa20 54555->54556 54556->53425 54556->53426 54567 30fd80 87 API calls ___std_exception_copy 54556->54567 54558 318ec5 54957 31d020 26 API calls 54558->54957 54560 318ee1 54561 30f4e0 26 API calls 54560->54561 54560->54562 54561->54562 54562->54555 54564 30f515 54563->54564 54565 30f572 54564->54565 54958 310750 26 API calls collate 54564->54958 54565->53428 54568->53426 54570 3727c3 new 29 API calls 54569->54570 54571 3c3a1e 54570->54571 54572 3c3a2e GetUserDefaultLCID 54571->54572 54573 3c3a3a 54571->54573 
54586 3c21f0 54572->54586 54589 3c3630 29 API calls 54573->54589 54576 3c3a5e 54576->54545 54864 3c3770 54577->54864 54584->54550 54585->54550 54590 3cadd0 54586->54590 54588 3c2209 54588->54573 54589->54576 54601 3d5640 54590->54601 54593 3cae4c 54639 3d6a34 54593->54639 54594 3cae21 54605 3c87c0 54594->54605 54597 3cae73 54643 2f9400 87 API calls __CxxThrowException@8 54597->54643 54598 3cae2f 54598->54588 54602 3cae0b 54601->54602 54603 3d5654 54601->54603 54602->54593 54602->54594 54644 3d5680 Sleep 54603->54644 54606 3c880f 54605->54606 54609 3c8896 54605->54609 54699 372bd7 EnterCriticalSection LeaveCriticalSection WaitForSingleObjectEx __Init_thread_wait __Init_thread_footer 54606->54699 54610 3c89ac 54609->54610 54611 3c88d7 54609->54611 54613 3727c3 new 29 API calls 54610->54613 54623 3c8952 54611->54623 54700 3c51c0 29 API calls 2 library calls 54611->54700 54616 3c89b3 54613->54616 54617 3c89cd 54616->54617 54645 3c3ff0 54616->54645 54703 3c3590 29 API calls 54617->54703 54619 3c8903 54622 3c892f 54619->54622 54701 3c6480 28 API calls std::invalid_argument::invalid_argument 54619->54701 54622->54623 54702 3c6480 28 API calls std::invalid_argument::invalid_argument 54622->54702 54623->54598 54628 3c89f0 54704 3c0310 29 API calls 54628->54704 54632 3c8a39 54633 3c8a57 54632->54633 54705 35ba95 28 API calls 2 library calls 54632->54705 54706 3c02e0 29 API calls 54633->54706 54636 3c8ac3 54707 3c1520 28 API calls 54636->54707 54638 3c8ad8 54638->54598 54640 3d6a41 _Yarn 54639->54640 54642 3d6a6e 54639->54642 54640->54642 54863 3f6cf4 26 API calls _Mpunct 54640->54863 54642->54597 54644->54602 54708 3c3c40 54645->54708 54649 3c4054 54650 3c5130 29 API calls 54649->54650 54651 3c4074 54650->54651 54755 3c5160 54651->54755 54653 3c4094 54762 3cae90 54653->54762 54655 3c40b1 54656 3c40c5 54655->54656 54675 3c41e6 54655->54675 54784 3d5860 30 API calls 54656->54784 54660 3c451e 54663 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 54660->54663 54661 
58491->58527 58494 31a7aa 58492->58494 58493->58491 58528 3d7079 53 API calls 4 library calls 58494->58528 58498 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 58495->58498 58501 316a50 58498->58501 58499 31a7bd 58500 31e260 87 API calls 58499->58500 58502 31a7cb 58500->58502 58501->58484 58503 31e260 87 API calls 58502->58503 58504 31a7e4 58503->58504 58529 31eab0 26 API calls 2 library calls 58504->58529 58506 31a7f8 58530 31e460 87 API calls __CxxThrowException@8 58506->58530 58509->58480 58511 31beff __cftof 58510->58511 58512 30f8d0 87 API calls 58511->58512 58513 31bf11 58512->58513 58531 31d3f0 58513->58531 58516 31c00b 58543 30f810 26 API calls std::ios_base::_Ios_base_dtor 58516->58543 58517 31bf9c 58519 30f7f0 87 API calls 58517->58519 58520 31bfae collate 58519->58520 58521 31bfdf 58520->58521 58541 2ea240 87 API calls collate 58520->58541 58542 30f810 26 API calls std::ios_base::_Ios_base_dtor 58521->58542 58524 31c002 std::ios_base::_Ios_base_dtor 58525 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 58524->58525 58526 31a704 58525->58526 58526->58489 58526->58490 58527->58495 58528->58499 58529->58506 58532 31d435 58531->58532 58533 31d45e 58532->58533 58534 2ed910 5 API calls 58532->58534 58540 31d491 58533->58540 58544 2fa030 58533->58544 58534->58533 58535 2e3000 87 API calls 58538 31d549 58535->58538 58537 31bf89 58537->58516 58537->58517 58538->58537 58561 2ed9e0 87 API calls 58538->58561 58540->58535 58540->58538 58541->58521 58542->58524 58543->58524 58545 35bb22 std::_Lockit::_Lockit 2 API calls 58544->58545 58546 2fa06b 58545->58546 58547 35bb22 std::_Lockit::_Lockit 2 API calls 58546->58547 58551 2fa0ae std::locale::_Locimp::_Makexloc 58546->58551 58548 2fa08e 58547->58548 58550 35bb7a std::_Lockit::~_Lockit 2 API calls 58548->58550 58549 35bb7a std::_Lockit::~_Lockit 2 API calls 58552 2fa158 58549->58552 58550->58551 58560 2fa0ec 58551->58560 58562 2fc220 58551->58562 58553 3727a4 UnDecorator::getTemplateArgumentList 5 API 
calls 58552->58553 58554 2fa172 58553->58554 58554->58540 58557 3d83e3 __CxxThrowException@8 KiUserExceptionDispatcher 58558 2fa128 58557->58558 58570 35bd9d 29 API calls new 58558->58570 58560->58549 58561->58537 58563 2fa0fc 58562->58563 58564 2fc255 58562->58564 58563->58557 58563->58558 58564->58563 58565 3727c3 new 29 API calls 58564->58565 58566 2fc261 58565->58566 58571 2e25b0 58566->58571 58570->58560 58572 35bb22 std::_Lockit::_Lockit 2 API calls 58571->58572 58573 2e25ec 58572->58573 58574 2e2670 58573->58574 58576 3d6a34 ___std_exception_copy 26 API calls 58573->58576 58587 35bed4 58574->58587 58578 2e2658 58576->58578 58577 2e2677 58579 3727a4 UnDecorator::getTemplateArgumentList 5 API calls 58577->58579 58580 3d83e3 __CxxThrowException@8 KiUserExceptionDispatcher 58578->58580 58581 2e2693 58579->58581 58580->58574 58582 2e26a0 58581->58582 58615 35bf1f 58582->58615 58584 2e26cb 58585 35bb7a std::_Lockit::~_Lockit 2 API calls 58584->58585 58586 2e275f 58585->58586 58586->58563 58592 3ed9a3 58587->58592 58589 35bee0 _Yarn 58590 3ed9a3 std::_Locinfo::_Locinfo_ctor 73 API calls 58589->58590 58591 35bf08 _Yarn 58589->58591 58590->58591 58591->58577 58593 3ed9af ___unDName 58592->58593 58594 3ed906 std::_Locinfo::_Locinfo_ctor 73 API calls 58593->58594 58595 3ed9bb 58594->58595 58596 3f70c0 __Toupper 38 API calls 58595->58596 58599 3ed9c3 ___unDName 58595->58599 58597 3ed9cf 58596->58597 58598 3fbbc1 std::_Locinfo::_Locinfo_ctor 43 API calls 58597->58598 58603 3ed9f4 58598->58603 58599->58589 58600 3ee0d4 ___crtLCMapStringA 21 API calls 58600->58603 58601 3e039e __Getcoll 11 API calls 58601->58603 58602 3fbbc1 std::_Locinfo::_Locinfo_ctor 43 API calls 58602->58603 58603->58599 58603->58600 58603->58601 58603->58602 58604 3eda67 58603->58604 58606 3eda57 58603->58606 58605 3ed895 std::_Lockit::_Lockit EnterCriticalSection 58604->58605 58607 3eda71 58605->58607 58606->58604 58608 3eda5b 58606->58608 58610 3ee435 _free 20 API calls 58607->58610 58612 3eda94 
58607->58612 58609 3ee435 _free 20 API calls 58608->58609 58609->58599 58610->58612 58611 3edaf7 std::_Locinfo::_Locinfo_ctor LeaveCriticalSection 58611->58599 58613 3ee435 _free 20 API calls 58612->58613 58614 3edaca 58612->58614 58613->58614 58614->58611 58616 35bf3d 58615->58616 58617 35bf2b 58615->58617 58616->58584 58618 3ed9a3 std::_Locinfo::_Locinfo_ctor 73 API calls 58617->58618 58618->58616 59646 3b6d90 59647 3727c3 new 29 API calls 59646->59647 59648 3b6d9a 59647->59648 59650 3b6da3 59648->59650 59654 3e0381 26 API calls 2 library calls 59648->59654

Executed Functions

APIs
• GetVersionExW.KERNEL32(0000011C), ref: 00328268
• GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 0032828D
• GetProcAddress.KERNEL32(00000000), ref: 00328294
• GetNativeSystemInfo.KERNEL32(?), ref: 003282A5
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: AddressHandleInfoModuleNativeProcSystemVersion
• String ID: (build %d)$, 32-bit$, 64-bit$Advanced Server$Business Edition$Cluster Server Edition$Compute Cluster Edition$Datacenter Edition$Datacenter Edition (core installation)$Datacenter Edition for Itanium-based Systems$Datacenter Server$Datacenter x64 Edition$Enterprise Edition$Enterprise Edition (core installation)$Enterprise Edition for Itanium-based Systems$Enterprise x64 Edition$GetNativeSystemInfo$GetProductInfo$Home Basic Edition$Home Edition$Home Premium Edition$Microsoft $Professional$Server$Small Business Server$Small Business Server Premium Edition$Standard Edition$Standard Edition (core installation)$Standard x64 Edition$Starter Edition$This sample does not support this version of Windows.$Ultimate Edition$Web Edition$Web Server Edition$Windows 10 $Windows 2000 $Windows 7 $Windows 8 $Windows 8.1 $Windows Home Server$Windows Server 2003 R2, $Windows Server 2003, $Windows Server 2008 $Windows Server 2008 R2 $Windows Server 2012 $Windows Server 2012 R2 $Windows Server 2016 $Windows Storage Server 2003$Windows Vista $Windows XP $Windows XP Professional x64 Edition$kernel32.dll
• API String ID: 2167034304-4026996278
• Opcode ID: 1f101d6fe999d98e425f8714ed09c6f182465512fcf7c99754a036ff87c6f1a2
• Instruction ID: d57e106a82f0210951b52784da837650b2ca55bb3324cb2ac10fa4c0d85f47a5
• Opcode Fuzzy Hash: 1f101d6fe999d98e425f8714ed09c6f182465512fcf7c99754a036ff87c6f1a2
• Instruction Fuzzy Hash: 97B10734B463349ADF379B10BC46BBDB228AB19B00F3150CBF50A764C1CFB85E819A59
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0030AAB0: std::locale::_Init.LIBCPMT ref: 0030ABCF
• CreateMutexW.KERNEL32(00000000,00000001,?), ref: 0030C953
• GetLastError.KERNEL32 ref: 0030C966
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: CreateErrorInitLastMutexstd::locale::_
• String ID: 3.5$4.0 Client$4.0 Full$4.5$4.5.1$4.5.2$4.6$4.6.1$4.6.2$<xmlattr>.key$<xmlattr>.value$Administrator rights required for this setup$BT002$BundleBypass$BundleConfig$BundleId$BundleId=$EventServiceUrl$GenericSetupInstaller_$InstallId$MachineId$Message$ParentProcess$RCC$StubError$UserType$]: $bundle config file path=$carrier path=$cmd=$event service url=$generic setup config file path=$generic setup path=$hMC$install id=$installer$run installer complete. exit code=$t$wWinMain$>F$>F$>F
• API String ID: 947009227-3572753506
• Opcode ID: 774829b3e8cba875b6353c52465d11a992550ea4bbb1c18a1c17d22f54956e37
• Instruction ID: bb2bac49938880ff1075e24c8eafcb82aabe283f0280ac0570b365e640dc2937
• Opcode Fuzzy Hash: 774829b3e8cba875b6353c52465d11a992550ea4bbb1c18a1c17d22f54956e37
• Instruction Fuzzy Hash: 8013BF30A112589BDF16EBA0CC55BEEB7B5AF14304F104099E44ABB2C2DB746F85CF95
Uniqueness
Uniqueness Score: -1.00%

APIs
• CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Strong Cryptographic Provider,00000001,F0000000,?,00000000,06E5DBC0,00000000,00000000), ref: 002E753A
• ___std_exception_copy.LIBVCRUNTIME ref: 002E765B
• CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,00000000), ref: 002E76B3
• ___std_exception_copy.LIBVCRUNTIME ref: 002E77D7
• ___std_exception_copy.LIBVCRUNTIME ref: 002E796D
• CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000,?,00000000), ref: 002E7A3E
  • Part of subcall function 002F4420: ___std_exception_copy.LIBVCRUNTIME ref: 002F445A
  • Part of subcall function 002EC130: __CxxThrowException@8.LIBVCRUNTIME ref: 002EC199
• CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 002E7849
  • Part of subcall function 002EAC10: new.LIBCMT ref: 002EAC3E
  • Part of subcall function 002EAC10: std::locale::_Init.LIBCPMT ref: 002EAC55
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: Crypt___std_exception_copy$Hash$AcquireContextCreateDataException@8InitParamThrowstd::locale::_
• String ID: $2C$,2C$HEB$HEB$HEB$HEB$L2C$L2C$L2C$L2C$Microsoft Strong Cryptographic Provider$T2C$T2C$T2C$T2C$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __cdecl Generator::Md5Hash(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &)$couldn't acquire crypt context$couldn't create hash$couldn't crypt get hash param$couldn't crypt hash data$src\generator.cpp
• API String ID: 16277222-95923808
• Opcode ID: a486df67dfa11e53b77b61f312028e9e6cca422aecee25b56e8982c1f7be8c34
• Instruction ID: 2c6f9394e85c04fb3fa3620bf16b32dd9fbee254a2a3c93f67d4c92ae8ee2d94
• Opcode Fuzzy Hash: a486df67dfa11e53b77b61f312028e9e6cca422aecee25b56e8982c1f7be8c34
                                                                                                                                                                    • Instruction Fuzzy Hash: 61028E709502989BDB21DF54CD49BDEBBF8AF08304F5084EAE509BB281D7B49B88CF54
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • _free.LIBCMT ref: 003F8C9F
                                                                                                                                                                    • _free.LIBCMT ref: 003F8CC3
                                                                                                                                                                    • _free.LIBCMT ref: 003F8E4A
                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B218), ref: 003F8E5C
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,Pacific Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 003F8ED4
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,Pacific Daylight Time,000000FF,?,0000003F,00000000,?), ref: 003F8F01
                                                                                                                                                                    • _free.LIBCMT ref: 003F9016
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                    • String ID: 1M/$Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                                    • API String ID: 314583886-919189503
                                                                                                                                                                    • Opcode ID: d6af5da0c1faf72fef20b49c0a45ea9c51e09d1162b8044f84750fefa670e898
                                                                                                                                                                    • Instruction ID: 776d6dd7fb6942bcd1f275dfba0af09e0bbd273ad959a32b9f437ed1ce70b878
                                                                                                                                                                    • Opcode Fuzzy Hash: d6af5da0c1faf72fef20b49c0a45ea9c51e09d1162b8044f84750fefa670e898
                                                                                                                                                                    • Instruction Fuzzy Hash: E4C15C7290024D9FCB2ADF79DC41AB9BBB9EF51310F1541AAF6449B281EF308E41CB50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,?,06E5DBC0), ref: 0030ADE7
                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 0030ADEE
                                                                                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000002,00000000,00000000,?,00000000), ref: 0030AE5F
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0030AE68
                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000), ref: 0030AE7B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessToken$AllocCurrentErrorGlobalInformationLastOpen
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4180416819-0
                                                                                                                                                                    • Opcode ID: f2b615a3e2d01c7411157984fe26abec9a413298a6d8622b8f90d5debc1ba38e
                                                                                                                                                                    • Instruction ID: aafb28aa64e33242fbe871447f9f6576deb89b8d1e2a0cab36f809a41aa50752
                                                                                                                                                                    • Opcode Fuzzy Hash: f2b615a3e2d01c7411157984fe26abec9a413298a6d8622b8f90d5debc1ba38e
                                                                                                                                                                    • Instruction Fuzzy Hash: AE8180B1A013189BDB22CF14CC94BDAF7B9BF08710F5581D9E619A7290DB359E84CF98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • CoCreateInstance.OLE32(0042389C,00000000,00000001,004237CC,00000000,06E5DBC0,?,?), ref: 002E687E
                                                                                                                                                                    • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?), ref: 002E698B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: BlanketCreateInstanceProxy
                                                                                                                                                                    • String ID: WHERE $ROOT\CIMV2$SELECT * FROM
                                                                                                                                                                    • API String ID: 1899829610-2498882015
                                                                                                                                                                    • Opcode ID: 846123229420c1e0f4815378d3bc8293ce100f600d2e1247219c24de856e4867
                                                                                                                                                                    • Instruction ID: 40d87dd5e3190248b7999f8d47946a4ac2d0068940611ce547ba4a932475a154
                                                                                                                                                                    • Opcode Fuzzy Hash: 846123229420c1e0f4815378d3bc8293ce100f600d2e1247219c24de856e4867
                                                                                                                                                                    • Instruction Fuzzy Hash: 17E19170E60288DFDF14DFA5C849B9EB7B4AF14704F54409DE409AB281DB74AE58CF61
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastselect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 215497628-0
                                                                                                                                                                    • Opcode ID: 7fb741ce01072f73269b69e446c53617066f8cfea6058f1775027fe29661f393
                                                                                                                                                                    • Instruction ID: 7576718a155091899f92c69d2acb72f61db53d817effb40bc31bb4a7f98436b8
                                                                                                                                                                    • Opcode Fuzzy Hash: 7fb741ce01072f73269b69e446c53617066f8cfea6058f1775027fe29661f393
                                                                                                                                                                    • Instruction Fuzzy Hash: B8B18270A002199FCF2ACF28DDD27AAB3B9AF88310F5585ADD859D7152DB719E808F40
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,00423BC8,?,?,00000000,000000FF,06E5DBC0,00000008,?,?), ref: 00374D16
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00374D35
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00374D3C
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00374D43
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$FileFindFirst
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1013685494-0
                                                                                                                                                                    • Opcode ID: e2d207baddaa9d9e33cb985153b7f8e1ff215df844262ecb8575af33c20862a5
                                                                                                                                                                    • Instruction ID: 6e75ba87d30dc1498f6acdc6acdcf12bdf6f51fbe187a995346e60cca5d7d790
                                                                                                                                                                    • Opcode Fuzzy Hash: e2d207baddaa9d9e33cb985153b7f8e1ff215df844262ecb8575af33c20862a5
                                                                                                                                                                    • Instruction Fuzzy Hash: 73717C7490020ADFCB26DF54C895BEEBBB5FF48310F25815DD80AA7681D7786A85CF60
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00306D25
                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00306D35
                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,0000022C), ref: 00306D56
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00306D6C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                                                    • Opcode ID: 391acd55e41b86347fbff6cc224ebd34427c1b984357820840de62bedf2377f9
                                                                                                                                                                    • Instruction ID: 4a1b4fee26e9539b6f8781709a35e1a924627acaca18b8ffc34a91f048bbe9aa
                                                                                                                                                                    • Opcode Fuzzy Hash: 391acd55e41b86347fbff6cc224ebd34427c1b984357820840de62bedf2377f9
                                                                                                                                                                    • Instruction Fuzzy Hash: 3511A934A0221CABD721EB54DD9DBEEB7B8EB48300F0101E9E80896280DB349F44CE69
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(00406623,06E5DBC0,00000000,?,00000000), ref: 002F6E75
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 002F6E92
                                                                                                                                                                    • __aulldiv.LIBCMT ref: 002F6EA2
                                                                                                                                                                      • Part of subcall function 002F4DA0: ___std_exception_copy.LIBVCRUNTIME ref: 002F4DFE
                                                                                                                                                                      • Part of subcall function 002F9670: __CxxThrowException@8.LIBVCRUNTIME ref: 002F96BE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Time__aulldiv$Exception@8FileSystemThrow___std_exception_copy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1498349571-0
                                                                                                                                                                    • Opcode ID: 2f844650c80244d7ee723639c4d323850fc38c3f02f068fd4210e5f9b689b4ae
                                                                                                                                                                    • Instruction ID: 3b06d73f4f9e9ed2a9e21c54221b5e51345cfaffb12dc5ea2040fea53f77d7fc
                                                                                                                                                                    • Opcode Fuzzy Hash: 2f844650c80244d7ee723639c4d323850fc38c3f02f068fd4210e5f9b689b4ae
                                                                                                                                                                    • Instruction Fuzzy Hash: 564180B191020DABCB15EFA4D842BBFF7B8EF08740F10452AF50AE7681DB75A914CB65
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: data=$ failed. curl returned error=$ succeeded$.$. disable stub events=$/v1/event-stat?ProductID=IS&Type=$1$Accept: application/json$Content-Type: application/json$Data$H$HEB$SendEvent$]: $charsets: utf-8$curl easy init failed$https://flow.lavasoft.com$installer$send event $send event. event name=$url=
                                                                                                                                                                    • API String ID: 0-3930944357
                                                                                                                                                                    • Opcode ID: 0cd60e1a01d11b0d9fbcc8ad9a5afecc9df78ba2c62698187b3c328bc37715a6
                                                                                                                                                                    • Instruction ID: ea6272acce738e91301ae28d247154cb64912b820706552fca96e7408ed37dfa
                                                                                                                                                                    • Opcode Fuzzy Hash: 0cd60e1a01d11b0d9fbcc8ad9a5afecc9df78ba2c62698187b3c328bc37715a6
                                                                                                                                                                    • Instruction Fuzzy Hash: BEA2C170E012589BDF12EBA4CC51BEEB7B4AF49700F1440AAE4467B2C2DBB56E44CF95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph (entry block 30c320-30c370; executed / not-executed graph data not reproduced)
                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: . cmd=$. uac=$Administrator rights required for this setup$Message$RunInstaller$StubPostUAC$StubPreUAC$]: $installer$run installer. path=
                                                                                                                                                                    • API String ID: 0-1273710044
                                                                                                                                                                    • Opcode ID: dcb865ddc1191b4bf341fb4181d26eeced4d123c476e4b8a651de83ee5d431d5
                                                                                                                                                                    • Instruction ID: d144a721f8bc7788f54046a8f290cd9e1a1d61b97f7a67c0f8a675ac111cf796
                                                                                                                                                                    • Opcode Fuzzy Hash: dcb865ddc1191b4bf341fb4181d26eeced4d123c476e4b8a651de83ee5d431d5
                                                                                                                                                                    • Instruction Fuzzy Hash: B902DE70E11248DFDB16DFA4C851BEEFBB0AF45700F14416AE405AB3C2EBB4AA45CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph (entry block 30bd70-30bdb5; executed / not-executed graph data not reproduced)
                                                                                                                                                                    APIs
                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000002,06E5DBC0), ref: 0030BDA7
                                                                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 0030BE1B
                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0030BF16
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0030BF1F
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0030BF30
                                                                                                                                                                      • Part of subcall function 002F34C0: new.LIBCMT ref: 002F34D6
                                                                                                                                                                    • new.LIBCMT ref: 0030C12C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseErrorExecuteHandleInitializeLastObjectShellSingleWait
                                                                                                                                                                    • String ID: <$@$Message$RunInstallerWithUAC::<lambda_7deb6ba16c5d38bc4137c15d407862b4>::operator ()$StubPostUAC$]: $failed coinitializeex. result=$installer$shell execute ex failed. err=
                                                                                                                                                                    • API String ID: 2044801028-2011905007
                                                                                                                                                                    • Opcode ID: e0586890cf544f6130832584a81b69321ec686504fb36a67fa6a68ed2586bed8
                                                                                                                                                                    • Instruction ID: 251a7d74dd5c9724f721b54399934aefaecff1f3e0d9498448de09adb10d97f3
                                                                                                                                                                    • Opcode Fuzzy Hash: e0586890cf544f6130832584a81b69321ec686504fb36a67fa6a68ed2586bed8
                                                                                                                                                                    • Instruction Fuzzy Hash: 41E1CF70A11258DBDB12DBA4CC51BEEFBB4AF05700F1041AAE5467B2C2DBB4AE44CF95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: .$ReadUACSetting$UACNotRequired$UACOptional$UACOptionalByGS$UACRequired$UACSetting$UACSetting=$]: $installer$unknown uac setting=
                                                                                                                                                                    • API String ID: 0-192363854
                                                                                                                                                                    • Opcode ID: add460f973777fbb138f4dc4ae6242711308e9d609fcab7ccdf4c6cd44947d6a
                                                                                                                                                                    • Instruction ID: bbdde0009f94704b90a6d17fb5bc6e5722ccb1a58911774e77431f93572ccf7e
                                                                                                                                                                    • Opcode Fuzzy Hash: add460f973777fbb138f4dc4ae6242711308e9d609fcab7ccdf4c6cd44947d6a
                                                                                                                                                                    • Instruction Fuzzy Hash: A7223730F192888BDF27DBA8C8607AEFBA1AF41710F154269D0926B3C2D774BD45CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(06E5DBC0), ref: 002F5A14
                                                                                                                                                                      • Part of subcall function 00328EC0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,06E5DBC0), ref: 00328F22
                                                                                                                                                                      • Part of subcall function 00328EC0: GetLastError.KERNEL32(?,00000000,?,?,?,?,06E5DBC0), ref: 00328FEE
                                                                                                                                                                      • Part of subcall function 00328EC0: ___std_exception_copy.LIBVCRUNTIME ref: 0032905A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentErrorFileLastModuleNameProcess___std_exception_copy
                                                                                                                                                                    • String ID: %Y.%m.%d_%H.%M.%S.%f_$.txt$4$LineID$ProcessID$Severity$ThreadID$TimeStamp$UpTime$_pid=$en_US.UTF-8
                                                                                                                                                                    • API String ID: 1340941257-3898198101
                                                                                                                                                                    • Opcode ID: c93b2a5e245c271501a25227fdf99592d57488f0d48d2865a5954a6f7bd00fdc
                                                                                                                                                                    • Instruction ID: 5d46d6b9fd4d83939a3e8bab0c60de3904292fa4dccc7bf4fc20780860c8ba3b
                                                                                                                                                                    • Opcode Fuzzy Hash: c93b2a5e245c271501a25227fdf99592d57488f0d48d2865a5954a6f7bd00fdc
                                                                                                                                                                    • Instruction Fuzzy Hash: 35424B70D1425CDADB25DFA4CC45BDEBBB8AF15304F1081E9E509A7282EB749B88CF61
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

APIs
• MoveFileExW.KERNEL32(?,00000000,00000004,00000002,00000000,?,00000000,?,00000000,000000FF,?,00000000,000000FF,?,?,06E5DBC0), ref: 00308B31
Strings
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: FileMove
• String ID: $$DeleteTempOnNextReboot$Set Delete File On Next Reboot Done:$Set Delete File On Next Reboot Failed:$Set Delete Folder On Next Reboot Done:$Set Delete Folder On Next Reboot Failed:$]: $installer
• API String ID: 3562171763-619542210
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph 2706, first block 306d90-306df5 (OpenProcess); nodes marked Executed / Not Executed]
APIs
• OpenProcess.KERNEL32(00000410,00000000,?,06E5DBC0), ref: 00306DE7
• CloseHandle.KERNEL32(?,?,06E5DBC0), ref: 00306FF6
• K32GetModuleFileNameExW.KERNEL32(00000000,00000000,?,00000104,?,06E5DBC0), ref: 00306E0A
  • Part of subcall function 002F34C0: new.LIBCMT ref: 002F34D6
• new.LIBCMT ref: 003071BA
Strings
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: CloseFileHandleModuleNameOpenProcess
• String ID: Failed to get module filename.$Failed to open process.$GetProcessName$Module filename is: $]: $installer
• API String ID: 3183270410-1702822681
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph 3024, first block 2e4030-2e4077 (CoInitializeEx); nodes marked Executed / Not Executed]
APIs
• CoInitializeEx.OLE32(00000000,00000000,06E5DBC0), ref: 002E406F
  • Part of subcall function 002E74C0: CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Strong Cryptographic Provider,00000001,F0000000,?,00000000,06E5DBC0,00000000,00000000), ref: 002E753A
  • Part of subcall function 002E74C0: ___std_exception_copy.LIBVCRUNTIME ref: 002E765B
Strings
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: AcquireContextCryptInitialize___std_exception_copy
• String ID: BASE >> $BIOS >> $DISK >> $MAC >> $VIDEO >> $WCID >> $($WCID21
• API String ID: 1273979586-1420144820
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Figure: control-flow graph 3152, first block 30b9e0-30ba2a; nodes marked Executed / Not Executed]
APIs
• new.LIBCMT ref: 0030BA33
• ___std_exception_copy.LIBVCRUNTIME ref: 0030BCBA
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 0030BD39
• HeapFree.KERNEL32(00000000), ref: 0030BD40
Strings
Memory Dump Source
• Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
• Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
• Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
• Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
• Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
Similarity
• API ID: Heap$FreeProcess___std_exception_copy
• String ID: . cmd=$RunInstallerWithUAC$]: $installer$run installer with uac. path=
• API String ID: 3936351446-4270199412
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: .$DisableStubEvents$DisableStubEvents=$ReadDisableStubEvents$]: $installer$true
                                                                                                                                                                    • API String ID: 0-1302772787
                                                                                                                                                                    • Opcode ID: 115eb0235851c0d72b7d95d5ab0986884f624ff502ef867c5391f802e16f5d2f
                                                                                                                                                                    • Instruction ID: b9a84517894722fa532fd00da9235ad014490140e182fc39e1a9de699522ae15
                                                                                                                                                                    • Opcode Fuzzy Hash: 115eb0235851c0d72b7d95d5ab0986884f624ff502ef867c5391f802e16f5d2f
                                                                                                                                                                    • Instruction Fuzzy Hash: 74B14930E0128C8BDF16DBA4C8617AEBBB5AF01300F15416AE5926B2C2DF75AD44CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • __allrem.LIBCMT ref: 003E49DA
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003E49F6
                                                                                                                                                                    • __allrem.LIBCMT ref: 003E4A0D
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003E4A2B
                                                                                                                                                                    • __allrem.LIBCMT ref: 003E4A42
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003E4A60
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                    • String ID: 1M/$1M/
                                                                                                                                                                    • API String ID: 1992179935-2278583072
                                                                                                                                                                    • Opcode ID: 6c1e419b374d38d4c7f13ce81631858d78ac7a0fa1667c3b509eb87a79b3a2fd
                                                                                                                                                                    • Instruction ID: 9abf12b3ad27f15bb240a99501a1ca606d9fd9c0062bc0b7f45910fed0d0cd1b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6c1e419b374d38d4c7f13ce81631858d78ac7a0fa1667c3b509eb87a79b3a2fd
                                                                                                                                                                    • Instruction Fuzzy Hash: 95812A726007A69BE726AE6ACC41B6B73E8EF49334F15873AF510DB6C1E770D9004754
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B218), ref: 003F8E5C
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,Pacific Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 003F8ED4
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,Pacific Daylight Time,000000FF,?,0000003F,00000000,?), ref: 003F8F01
                                                                                                                                                                    • _free.LIBCMT ref: 003F8E4A
                                                                                                                                                                      • Part of subcall function 003EE435: RtlFreeHeap.NTDLL(00000000,00000000,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?), ref: 003EE44B
                                                                                                                                                                      • Part of subcall function 003EE435: GetLastError.KERNEL32(?,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?,?), ref: 003EE45D
                                                                                                                                                                    • _free.LIBCMT ref: 003F9016
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                    • String ID: 1M/$Pacific Daylight Time$Pacific Standard Time
                                                                                                                                                                    • API String ID: 1286116820-919189503
                                                                                                                                                                    • Opcode ID: 0e0d65efc860373578b070bd332508d0a27078337cd58b10b3d980c3dc0c26e5
                                                                                                                                                                    • Instruction ID: 2887b2736e4b4c76e18f53e139d67b5928bfff127b1c10e04feffeb5f1fcb919
                                                                                                                                                                    • Opcode Fuzzy Hash: 0e0d65efc860373578b070bd332508d0a27078337cd58b10b3d980c3dc0c26e5
                                                                                                                                                                    • Instruction Fuzzy Hash: 51511A7290025DEFCB16DF69DC419BAB7BCEF40310B51427AF610AB291EF709E418B95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002FA066
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002FA089
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002FA0A9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FA123
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002FA148
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002FA153
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: 1k/$bad cast
                                                                                                                                                                    • API String ID: 2536120697-951108287
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00315AF0: std::locale::_Init.LIBCPMT ref: 00315B20
                                                                                                                                                                    • new.LIBCMT ref: 00307F8F
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                    • String ID: .$ReadSendStubUACEvents$SendStubUACEvents$SendStubUACEvents=$]: $installer
                                                                                                                                                                    • API String ID: 1620887387-4054443095
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                    • String ID: expected value$t2B$|DC$|DC
                                                                                                                                                                    • API String ID: 2005118841-3295443653
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\NET Framework Setup\NDP\v3.5,00000000,00020019,?), ref: 002F42E5
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,Version,00000000,?,?,00000104), ref: 002F4314
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F4324
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F432F
                                                                                                                                                                    Strings
                                                                                                                                                                    • Software\Microsoft\NET Framework Setup\NDP\v3.5, xrefs: 002F42C9
                                                                                                                                                                    • Version, xrefs: 002F4309
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Software\Microsoft\NET Framework Setup\NDP\v3.5$Version
                                                                                                                                                                    • API String ID: 1607946009-2487358979
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00319688
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                    • String ID: L>F$L>F$L>F$L>F$L>F
                                                                                                                                                                    • API String ID: 2005118841-1434387317
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\NET Framework Setup\NDP\v3.5,00000000,00020019,?), ref: 002F3C5A
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,Install,00000000,00000000,00000000,00000004), ref: 002F3C7A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3C87
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3C9D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Install$Software\Microsoft\NET Framework Setup\NDP\v3.5
                                                                                                                                                                    • API String ID: 1607946009-1679568285
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Client,00000000,00020019,?), ref: 002F3D1A
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,Install,00000000,00000000,00000000,00000004), ref: 002F3D3A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3D47
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3D5D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Install$Software\Microsoft\NET Framework Setup\NDP\v4\Client
                                                                                                                                                                    • API String ID: 1607946009-4260260141
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F3DDA
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,Install,00000000,00000000,00000000,00000004), ref: 002F3DFA
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3E07
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3E1D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Install$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-105569139
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F3E9D
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,Release,00000000,00000000,00000000,00000004), ref: 002F3EBD
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3ECA
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3EE1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Release, xrefs: 002F3EB5
                                                                                                                                                                    • Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 002F3E83
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-1522824743
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F3F4D
                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,Release,00000000,00000000,00000000,00000004), ref: 002F3F6D
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3F7A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F3F91
                                                                                                                                                                    Strings
                                                                                                                                                                    • Release, xrefs: 002F3F65
                                                                                                                                                                    • Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 002F3F33
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-1522824743
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __cftoe
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4189289331-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003C3C40: ___std_exception_copy.LIBVCRUNTIME ref: 003C3D74
                                                                                                                                                                      • Part of subcall function 003C5130: new.LIBCMT ref: 003C5132
                                                                                                                                                                      • Part of subcall function 003C5160: new.LIBCMT ref: 003C5162
                                                                                                                                                                      • Part of subcall function 003D5860: LoadLibraryA.KERNEL32(?), ref: 003D587C
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 003C416C
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 003C41C1
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 003C447E
                                                                                                                                                                      • Part of subcall function 0035BA95: std::invalid_argument::invalid_argument.LIBCONCRT ref: 0035BAA1
                                                                                                                                                                      • Part of subcall function 0035BA95: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BAAF
                                                                                                                                                                    Strings
                                                                                                                                                                    • Unable to open message catalog: , xrefs: 003C4121
                                                                                                                                                                    • string too long, xrefs: 003C4584
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy$Exception@8Init_thread_footerLibraryLoadThrow___std_exception_destroystd::invalid_argument::invalid_argument
                                                                                                                                                                    • String ID: Unable to open message catalog: $string too long
                                                                                                                                                                    • API String ID: 4214346812-52554103
                                                                                                                                                                    • Opcode ID: 28bb0aa6ff1982970a696bb3fc18a196e6b256182f178d775b762398c41172cf
                                                                                                                                                                    • Instruction ID: 0c1923ecb95d21b941a8ad058191cf280f79b5cda3b45d300b94a812cd8b7b46
                                                                                                                                                                    • Opcode Fuzzy Hash: 28bb0aa6ff1982970a696bb3fc18a196e6b256182f178d775b762398c41172cf
                                                                                                                                                                    • Instruction Fuzzy Hash: 5702AA71900248DFCF16CF54C990BDEBBB5AF09304F55815EE859AB281DB74EE48CBA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3160817290-0
                                                                                                                                                                    • Opcode ID: 38c71102c26d30b89be3a688e3142e183eace21b64e37ebc67775fd059197945
                                                                                                                                                                    • Instruction ID: 6085f32f50d018cf5ddcad4182dafcc07306307f2604f385bb3d4dbdbb423e8d
                                                                                                                                                                    • Opcode Fuzzy Hash: 38c71102c26d30b89be3a688e3142e183eace21b64e37ebc67775fd059197945
                                                                                                                                                                    • Instruction Fuzzy Hash: 94F04C36548A1627C22337357C4BF7B2619CFC4761F634239F614DA1D1EE64CC064961
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002E25E7
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002E2653
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002E266B
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 002E2672
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$DispatcherExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                    • API String ID: 2355598456-1405518554
                                                                                                                                                                    • Opcode ID: 083edca9be54b9ce537a1f22995cc52351ac943a35989c28c0a7193d1418b852
                                                                                                                                                                    • Instruction ID: bde08e261099cb0a9494f1eff39600ecb01e3ce4a65f0f4313652eed1109e3b9
                                                                                                                                                                    • Opcode Fuzzy Hash: 083edca9be54b9ce537a1f22995cc52351ac943a35989c28c0a7193d1418b852
                                                                                                                                                                    • Instruction Fuzzy Hash: E2219E718007489ECB21CFA5D941B8FBBF8EF58710F10861EE445A7641D779A608CBA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003EE0D4: RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,003F7143), ref: 003EE106
                                                                                                                                                                    • _free.LIBCMT ref: 003F2281
                                                                                                                                                                    • _free.LIBCMT ref: 003F2298
                                                                                                                                                                    • _free.LIBCMT ref: 003F22B7
                                                                                                                                                                    • _free.LIBCMT ref: 003F22D2
                                                                                                                                                                    • _free.LIBCMT ref: 003F22E9
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$AllocateHeap
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3033488037-0
                                                                                                                                                                    • Opcode ID: d6d67d5e3d0f1169d51be4ca38cf53c72b867971b1239cc5055a713153a15ec5
                                                                                                                                                                    • Instruction ID: afd12f50bd4e83c9f2c5449f5deca529edf72993651fd168baa93dc3fc6ef7a2
                                                                                                                                                                    • Opcode Fuzzy Hash: d6d67d5e3d0f1169d51be4ca38cf53c72b867971b1239cc5055a713153a15ec5
                                                                                                                                                                    • Instruction Fuzzy Hash: 1351F331A00709EFDB22DF2ACC41A7BB7F4EF59720B554669EA09DB290E735E901CB40
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00372720: __Init_thread_footer.LIBCMT ref: 00372783
                                                                                                                                                                      • Part of subcall function 00374E60: FindNextFileW.KERNEL32(00000008,?,06E5DBC0,?,?,?), ref: 00374EB2
                                                                                                                                                                      • Part of subcall function 00374E60: GetLastError.KERNEL32 ref: 00374EBC
                                                                                                                                                                      • Part of subcall function 00374E60: FindClose.KERNEL32(00000000), ref: 00374ED1
                                                                                                                                                                    • GetLastError.KERNEL32(boost::filesystem::directory_iterator::operator++,00000031,?,?,06E5DBC0,00000008,?,?,?,?,?,?,?,?,0040C910,000000FF), ref: 003753D9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003753FA
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,06E5DBC0,00000008,?,?,?,?,?,?,?,?,0040C910,000000FF), ref: 003754CA
                                                                                                                                                                    Strings
                                                                                                                                                                    • boost::filesystem::directory_iterator::operator++, xrefs: 003753B3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$Find$CloseException@8FileInit_thread_footerNextThrow
                                                                                                                                                                    • String ID: boost::filesystem::directory_iterator::operator++
                                                                                                                                                                    • API String ID: 2573509225-1439492258
                                                                                                                                                                    • Opcode ID: 35eb69914e66dff07e624c975bac9bc03c6897f0a94f8a93ee19ffef29dc0fd3
                                                                                                                                                                    • Instruction ID: cc28198a1550eb5428f4d18bf4b6560245623523ae405b679d69f7dc3904deb7
                                                                                                                                                                    • Opcode Fuzzy Hash: 35eb69914e66dff07e624c975bac9bc03c6897f0a94f8a93ee19ffef29dc0fd3
                                                                                                                                                                    • Instruction Fuzzy Hash: B5A19F71900648DFDB26DF64C984B9EBBF5FF08310F158529E85AD7291DB78E908CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0031BEB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0031C028
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 0031A7B8
                                                                                                                                                                    Strings
                                                                                                                                                                    • conversion of type ", xrefs: 0031A78E
                                                                                                                                                                    • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 0031A7FE
                                                                                                                                                                    • " to data failed, xrefs: 0031A7CE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Ios_base_dtor___std_type_info_namestd::ios_base::_
                                                                                                                                                                    • String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                                                                                                                                                    • API String ID: 2756934762-3578818472
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • _free.LIBCMT ref: 003F8FC0
                                                                                                                                                                    • _free.LIBCMT ref: 003F9016
                                                                                                                                                                      • Part of subcall function 003F8DF2: _free.LIBCMT ref: 003F8E4A
                                                                                                                                                                      • Part of subcall function 003F8DF2: GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0042B218), ref: 003F8E5C
                                                                                                                                                                      • Part of subcall function 003F8DF2: WideCharToMultiByte.KERNEL32(00000000,00000000,Pacific Standard Time,000000FF,00000000,0000003F,00000000,?,?), ref: 003F8ED4
                                                                                                                                                                      • Part of subcall function 003F8DF2: WideCharToMultiByte.KERNEL32(00000000,00000000,Pacific Daylight Time,000000FF,?,0000003F,00000000,?), ref: 003F8F01
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                    • String ID: 1M/
                                                                                                                                                                    • API String ID: 314583886-888036004
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002EB074
                                                                                                                                                                      • Part of subcall function 0035BA78: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BA8F
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002EB089
                                                                                                                                                                    • new.LIBCMT ref: 002EB08F
                                                                                                                                                                    • new.LIBCMT ref: 002EB0A3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3339364867-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00328EC0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,06E5DBC0), ref: 00328F22
                                                                                                                                                                      • Part of subcall function 00328EC0: GetLastError.KERNEL32(?,00000000,?,?,?,?,06E5DBC0), ref: 00328FEE
                                                                                                                                                                      • Part of subcall function 00328EC0: ___std_exception_copy.LIBVCRUNTIME ref: 0032905A
                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 0030ABCF
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileInitLastModuleName___std_exception_copystd::locale::_
                                                                                                                                                                    • String ID: .$BundleConfig.BundleId
                                                                                                                                                                    • API String ID: 395332877-3021630788
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • LCMapStringW.KERNEL32(00000000,00000400,00000000,?,00000000,00000000,06E5DBC0), ref: 003D5A35
                                                                                                                                                                    • LCMapStringW.KERNEL32(00000000,00000400,00000000,?,00000000,?,00000001,00000000), ref: 003D5AA4
                                                                                                                                                                    Strings
                                                                                                                                                                    • invalid string position, xrefs: 003D5B76
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: String
                                                                                                                                                                    • String ID: invalid string position
                                                                                                                                                                    • API String ID: 2568140703-1799206989
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 1k/$L6C
                                                                                                                                                                    • API String ID: 0-2193881926
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00370770: TlsGetValue.KERNEL32(0000001C,?,0037C704,00000000,06E5DBC0,?,?), ref: 00370784
                                                                                                                                                                    • new.LIBCMT ref: 002F9E69
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002F9F11
                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,00000004), ref: 002F9F81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentEventThreadValue
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2548496174-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • FindNextFileW.KERNEL32(00000008,?,06E5DBC0,?,?,?), ref: 00374EB2
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00374EBC
                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00374ED1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$CloseErrorFileLastNext
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 256431386-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • UuidCreate.RPCRT4(00000000), ref: 0030A8CC
                                                                                                                                                                    • UuidToStringA.RPCRT4(00000000,?), ref: 0030A8E1
                                                                                                                                                                    • RpcStringFreeA.RPCRT4(00000000), ref: 0030A916
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: StringUuid$CreateFree
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3044360575-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000,00000000,0035C828,?,003F44E4,0035C828,00457450,0000000C), ref: 003F461C
                                                                                                                                                                    • GetLastError.KERNEL32(?,003F44E4,0035C828,00457450,0000000C), ref: 003F4626
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003F4651
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 490808831-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateThread.KERNEL32 ref: 003EC93C
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000008,00000008,?,0037178B,00000000,00000000,003719A0,?,00000004,00000000), ref: 003EC948
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003EC94F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2744730728-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,003ECA38,?,?,?,?), ref: 003ECAC4
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,003ECA38,?,?,?,?,?,?,?,?,?,00457288,0000001C), ref: 003ECACE
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003ECAD5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2336955059-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F7144: GetLastError.KERNEL32(?,?,?,003E4D6E,003EDB52,?,003F70EE,00000001,00000364,?,003EC7C4,00457268,00000010), ref: 003F7149
                                                                                                                                                                      • Part of subcall function 003F7144: _free.LIBCMT ref: 003F717E
                                                                                                                                                                      • Part of subcall function 003F7144: SetLastError.KERNEL32(00000000), ref: 003F71B2
                                                                                                                                                                    • ExitThread.KERNEL32 ref: 003EC865
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,003EC985,?,?,003EC7FC,00000000), ref: 003EC88D
                                                                                                                                                                    • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,003EC985,?,?,003EC7FC,00000000), ref: 003EC8A3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1198197534-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 0036BA59
                                                                                                                                                                    • _Getvals.LIBCPMT ref: 0036BA75
                                                                                                                                                                      • Part of subcall function 0036A443: __Getcvt.LIBCPMT ref: 0036A455
                                                                                                                                                                      • Part of subcall function 0036A443: std::_Locinfo::_Getdays.LIBCPMT ref: 0036A46E
                                                                                                                                                                      • Part of subcall function 0036A443: std::_Locinfo::_Getmonths.LIBCPMT ref: 0036A487
                                                                                                                                                                    • __Getdateorder.LIBCPMT ref: 0036BA7A
                                                                                                                                                                      • Part of subcall function 0036D6A6: ___crtGetLocaleInfoEx.LIBCPMT ref: 0036D6C2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Locinfo::_std::_$GetcvtGetdateorderGetdaysGetmonthsGetvalsH_prolog3_catchInfoLocale___crt
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4028787925-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00372720: __Init_thread_footer.LIBCMT ref: 00372783
                                                                                                                                                                      • Part of subcall function 00304EF0: ___std_exception_copy.LIBVCRUNTIME ref: 00304F4D
                                                                                                                                                                      • Part of subcall function 00304EF0: new.LIBCMT ref: 00304FA4
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003057B0
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    Strings
                                                                                                                                                                    • filesystem::recursive_directory_iterator directory error, xrefs: 00305781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8Init_thread_footerThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: filesystem::recursive_directory_iterator directory error
                                                                                                                                                                    • API String ID: 1712276224-1223082086
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003117F0: new.LIBCMT ref: 00311829
                                                                                                                                                                    • new.LIBCMT ref: 00309328
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: 2
                                                                                                                                                                    • API String ID: 0-450215437
                                                                                                                                                                    • Opcode ID: 58a720195f9ad5b5e0b78cbd11c172b54661cf9b4e6346737caaceeccadef8b9
                                                                                                                                                                    • Instruction ID: 169b5e7e7bb7f60489b7488996e9d72a72bbf1e84e193f47a4a87fdd2f484a49
                                                                                                                                                                    • Opcode Fuzzy Hash: 58a720195f9ad5b5e0b78cbd11c172b54661cf9b4e6346737caaceeccadef8b9
                                                                                                                                                                    • Instruction Fuzzy Hash: C5519D74A017448FCB22CF58C85479EBBF4EB49710F05816AE856AB392DB789D05CF91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0030FDF0: ___std_exception_copy.LIBVCRUNTIME ref: 0030FE4C
                                                                                                                                                                      • Part of subcall function 0030FDF0: ___std_exception_copy.LIBVCRUNTIME ref: 0030FEB7
                                                                                                                                                                      • Part of subcall function 0030FDF0: GetCurrentThreadId.KERNEL32 ref: 0030FEF2
                                                                                                                                                                    • SetEvent.KERNEL32(00000000,00463F04,00000000,000000FF,06E5DBC0), ref: 0030761C
                                                                                                                                                                      • Part of subcall function 002E3F20: GetProcessHeap.KERNEL32(00000000,00000008), ref: 002E3FFF
                                                                                                                                                                      • Part of subcall function 002E3F20: HeapFree.KERNEL32(00000000), ref: 002E4006
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap___std_exception_copy$CurrentEventFreeProcessThread
                                                                                                                                                                    • String ID: 4?F
                                                                                                                                                                    • API String ID: 3090538075-457333447
                                                                                                                                                                    • Opcode ID: 0cb4896da18fb60274c55a9216d7873597e0219d0d22248abb23a1a69cedf4e0
                                                                                                                                                                    • Instruction ID: 17694348b511326d495a823fdde3a25d36b0415caea0fc9247c40a850f45c950
                                                                                                                                                                    • Opcode Fuzzy Hash: 0cb4896da18fb60274c55a9216d7873597e0219d0d22248abb23a1a69cedf4e0
                                                                                                                                                                    • Instruction Fuzzy Hash: 7C410370D192889FDB16CF58DC64BAEBBB4FB05314F104129E012AB2D1DB796A44CF96
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002F9D50
                                                                                                                                                                    • SetEvent.KERNEL32(00000000,?,00000000,?), ref: 002F9DCC
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentEventThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2592414440-0
                                                                                                                                                                    • Opcode ID: 1c2f5d6a8b6d3aef3010720b04c1a8d68b2fda82e71c2c4191facf8a8eb056ca
                                                                                                                                                                    • Instruction ID: e5917b2d0791c5bdd20eb0a19de03b66756402dde87548d334cf9ee767812dbe
                                                                                                                                                                    • Opcode Fuzzy Hash: 1c2f5d6a8b6d3aef3010720b04c1a8d68b2fda82e71c2c4191facf8a8eb056ca
                                                                                                                                                                    • Instruction Fuzzy Hash: F031C171A0060ADFCB11DF58D840BAAFBF4FF45364F20453EEA1693290DB359924CB90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • WriteFile.KERNEL32(7408458B,?,?,?,00000000,?,003E8E48,E0830C40,?,003F43E8,0035C84E,003E8E48,?,003E8E48,003E8E48,0035C84E), ref: 003F3F47
                                                                                                                                                                    • GetLastError.KERNEL32(?,003F43E8,0035C84E,003E8E48,?,003E8E48,003E8E48,0035C84E,003E8E48,?,00457430,00000014,003E885C,00000000,8304488B,0035C84E), ref: 003F3F70
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                                    • Opcode ID: 87ac19994a9725c8a78bb3fc8e41076c3b8e2215e8e2445697d3713e5fad7d4d
                                                                                                                                                                    • Instruction ID: e405a72150d1b0d0f634733a531e8d9ca57fef6b3cded25c770671fc72931963
                                                                                                                                                                    • Opcode Fuzzy Hash: 87ac19994a9725c8a78bb3fc8e41076c3b8e2215e8e2445697d3713e5fad7d4d
                                                                                                                                                                    • Instruction Fuzzy Hash: 1721B175A10319DFCB26CF19D880AE9B7F8EB48301F1144AAEA4AD7251D730AE85CF60
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 002E26C6
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002E275A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Locinfo::_Locinfo_dtorLockitLockit::~_
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3286764726-0
                                                                                                                                                                    • Opcode ID: 4b6ac5da7b619e3f383ebd46594e0c437d8631e8aaef42d7f69b7d65f5824a7e
                                                                                                                                                                    • Instruction ID: 3c000310dbad0196a0cdcb01ee3e6b35a73ec16cd279066070b401ee2f98c3e4
                                                                                                                                                                    • Opcode Fuzzy Hash: 4b6ac5da7b619e3f383ebd46594e0c437d8631e8aaef42d7f69b7d65f5824a7e
                                                                                                                                                                    • Instruction Fuzzy Hash: AE1166F1A00B81DBEB21DF27D845B17B3DCAB04710F444629E816D7781E7B5F5188B91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,002E3FB0,06E5DBC0), ref: 003717B1
                                                                                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,002E3FB0,06E5DBC0), ref: 003717BF
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandleResumeThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3265327148-0
                                                                                                                                                                    • Opcode ID: 0ffb728b344de82f73829d0ed944d4d5c8aa68798f6288f96f398acd69dacbc8
                                                                                                                                                                    • Instruction ID: b24b5712d6ec41222a4f0050a3e8c0f5532cdd5f35c61e870ebc3bba371839cf
                                                                                                                                                                    • Opcode Fuzzy Hash: 0ffb728b344de82f73829d0ed944d4d5c8aa68798f6288f96f398acd69dacbc8
                                                                                                                                                                    • Instruction Fuzzy Hash: 9BF0F6726002019FD7218F9DDCC0F96B3A8FF49321F18816AF918D72A0D770E8929A50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(00457268,00000010), ref: 003EC7B2
                                                                                                                                                                    • ExitThread.KERNEL32 ref: 003EC7B9
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1611280651-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CleanupStartup
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 915672949-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: GetctypeGetcvt
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 492523193-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • WSASetLastError.WS2_32(00002726,?,00336018,0032A975,00000000), ref: 00336771
                                                                                                                                                                    • Sleep.KERNEL32(0032A975,?,00336018,0032A975,00000000), ref: 0033677D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastSleep
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1458359878-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00370770: TlsGetValue.KERNEL32(0000001C,?,0037C704,00000000,06E5DBC0,?,?), ref: 00370784
                                                                                                                                                                    • new.LIBCMT ref: 002FEF79
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0031C028
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 323602529-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 00305855
                                                                                                                                                                      • Part of subcall function 00305390: new.LIBCMT ref: 003053BD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 00311829
                                                                                                                                                                      • Part of subcall function 002F59C0: GetCurrentProcessId.KERNEL32(06E5DBC0), ref: 002F5A14
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2050909247-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6bd1dbc2753b39616dfc6b9e01f9f526335ea785ef66c50de3dbb4a19cc9328a
                                                                                                                                                                    • Instruction ID: 86f0a9874b0dab22b58ed6dd34d692ede950666c11e56f1c13ed589a87a79eac
                                                                                                                                                                    • Opcode Fuzzy Hash: 6bd1dbc2753b39616dfc6b9e01f9f526335ea785ef66c50de3dbb4a19cc9328a
                                                                                                                                                                    • Instruction Fuzzy Hash: 25117CB0D04205DBD719DF18D801B5ABBF8FF09710F10426EE4089B781D3B5AA84CBD5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9660b990ea2250f36b43abb94c842988f877a465e9bcda6258dbcc272fcee5e4
                                                                                                                                                                    • Instruction ID: 9ba5a775003276d710c8ae5770fc5ceddfdc7369c38cb7eef1e110e714eb2084
                                                                                                                                                                    • Opcode Fuzzy Hash: 9660b990ea2250f36b43abb94c842988f877a465e9bcda6258dbcc272fcee5e4
                                                                                                                                                                    • Instruction Fuzzy Hash: 1211CEB1608644EFDB04CF59D800B96FBF8FB15720F10462AE4148B7D1D7B5AA90CBE1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 003125A0
                                                                                                                                                                      • Part of subcall function 0035BDD1: __EH_prolog3.LIBCMT ref: 0035BDD8
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::_Lockit::_Lockit.LIBCPMT ref: 0035BDE3
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0035BDF6
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::locale::_Setgloballocale.LIBCPMT ref: 0035BDFE
                                                                                                                                                                      • Part of subcall function 0035BDD1: _Yarn.LIBCPMT ref: 0035BE14
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::_Lockit::~_Lockit.LIBCPMT ref: 0035BE52
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::locale::_$Lockitstd::_$H_prolog3InitLocimpLocimp::_Lockit::_Lockit::~_New_SetgloballocaleYarn
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2548088810-0
                                                                                                                                                                    • Opcode ID: 5cf3c867cfdd8d9c97b4831602ddf2a5f0ee2cf1bf282de613bda70e48686e62
                                                                                                                                                                    • Instruction ID: 4db490399d3b327a8da75fed9579fab044f87f5a613834a86aa19135aefb2d5f
                                                                                                                                                                    • Opcode Fuzzy Hash: 5cf3c867cfdd8d9c97b4831602ddf2a5f0ee2cf1bf282de613bda70e48686e62
                                                                                                                                                                    • Instruction Fuzzy Hash: E2116D71604204EFDB04CF58C845B99FBF9EB49B20F10826EE8159B3D1DBB29D008B90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002E7F80
                                                                                                                                                                      • Part of subcall function 002EC1A0: __CxxThrowException@8.LIBVCRUNTIME ref: 002EC1EE
                                                                                                                                                                      • Part of subcall function 002EC1A0: ___std_exception_copy.LIBVCRUNTIME ref: 002EC21E
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3804135023-0
                                                                                                                                                                    • Opcode ID: 64b00621917ae27df49a008741d6828b69f4e826227a13e58487a8fd479513d7
                                                                                                                                                                    • Instruction ID: 14c565f6550c29bb3731b6a6b97f320c321785b359af139d29fd704a83d57135
                                                                                                                                                                    • Opcode Fuzzy Hash: 64b00621917ae27df49a008741d6828b69f4e826227a13e58487a8fd479513d7
                                                                                                                                                                    • Instruction Fuzzy Hash: 471170B1D1064D9BCB00DFA4C941BDEF7F8FB48310F60826AE815B7281E7799A448BA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 549b4eff0d4bf0d3574c730135c03545126a6ba11f6f9fa7e82d72ee018804ee
                                                                                                                                                                    • Instruction ID: fbed79a8dee909fb08bdd3dd67176aa168f9d14474963f0cb5f67b6e932dbce0
                                                                                                                                                                    • Opcode Fuzzy Hash: 549b4eff0d4bf0d3574c730135c03545126a6ba11f6f9fa7e82d72ee018804ee
                                                                                                                                                                    • Instruction Fuzzy Hash: 53F0C83A600A74A7DA373A6BDC01B6B33988F82334F150717F524DB5D2DAB5D8028B91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00315ABF
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2513928553-0
                                                                                                                                                                    • Opcode ID: 09c373081efa9b0aaa746461b4fbc95e30047b10979ef617da037c9c2b32be03
                                                                                                                                                                    • Instruction ID: 1349d921b5210bc3f67692e0662dff2549f09d874bf52cc934dc7bd8c03320d0
                                                                                                                                                                    • Opcode Fuzzy Hash: 09c373081efa9b0aaa746461b4fbc95e30047b10979ef617da037c9c2b32be03
                                                                                                                                                                    • Instruction Fuzzy Hash: C7011275A10118AFC709DF54C951BCAB7B4AB48B10F10856AA8169B391DB349A48CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002F4D5A
                                                                                                                                                                      • Part of subcall function 002F9400: __CxxThrowException@8.LIBVCRUNTIME ref: 002F944E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw___std_exception_copy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 284963293-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00312D41
                                                                                                                                                                      • Part of subcall function 0035C306: std::ios_base::_Tidy.LIBCPMT ref: 0035C326
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::ios_base::_$Ios_base_dtorTidy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3167631304-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00312E21
                                                                                                                                                                      • Part of subcall function 0035C306: std::ios_base::_Tidy.LIBCPMT ref: 0035C326
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::ios_base::_$Ios_base_dtorTidy
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3167631304-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003EDB00: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003F70EE,00000001,00000364,?,003EC7C4,00457268,00000010), ref: 003EDB41
                                                                                                                                                                    • _free.LIBCMT ref: 003F1911
                                                                                                                                                                      • Part of subcall function 003EE435: RtlFreeHeap.NTDLL(00000000,00000000,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?), ref: 003EE44B
                                                                                                                                                                      • Part of subcall function 003EE435: GetLastError.KERNEL32(?,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?,?), ref: 003EE45D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 314386986-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003F70EE,00000001,00000364,?,003EC7C4,00457268,00000010), ref: 003EDB41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,003F7143), ref: 003EE106
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00307473
                                                                                                                                                                      • Part of subcall function 00306CE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00306D25
                                                                                                                                                                      • Part of subcall function 00306CE0: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00306D35
                                                                                                                                                                      • Part of subcall function 00306CE0: Process32NextW.KERNEL32(00000000,0000022C), ref: 00306D56
                                                                                                                                                                      • Part of subcall function 00306CE0: CloseHandle.KERNEL32(00000000), ref: 00306D6C
                                                                                                                                                                      • Part of subcall function 00306D90: OpenProcess.KERNEL32(00000410,00000000,?,06E5DBC0), ref: 00306DE7
                                                                                                                                                                      • Part of subcall function 00306D90: K32GetModuleFileNameExW.KERNEL32(00000000,00000000,?,00000104,?,06E5DBC0), ref: 00306E0A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ProcessProcess32$CloseCreateCurrentFileFirstHandleModuleNameNextOpenSnapshotToolhelp32
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1907774632-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 0034112C
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00341136
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0034114E
                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0034115C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                    • String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$+$<
                                                                                                                                                                    • API String ID: 1452528299-2356964677
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,00400B16,?,00000000), ref: 00400890
                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,00400B16,?,00000000), ref: 004008B9
                                                                                                                                                                    • GetACP.KERNEL32(?,?,00400B16,?,00000000), ref: 004008CE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F70C0: GetLastError.KERNEL32(?,?,003EC7C4,00457268,00000010), ref: 003F70C4
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F70F7
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F7138
                                                                                                                                                                      • Part of subcall function 003F70C0: _abort.LIBCMT ref: 003F713E
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F711F
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F712C
                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 00400AD7
                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 00400B32
                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 00400B41
                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,003F1EE7,00000040,?,003F2007,00000055,00000000,?,?,00000055,00000000), ref: 00400B89
                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,003F1F67,00000040), ref: 00400BA8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 745075371-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F70C0: GetLastError.KERNEL32(?,?,003EC7C4,00457268,00000010), ref: 003F70C4
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F70F7
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F7138
                                                                                                                                                                      • Part of subcall function 003F70C0: _abort.LIBCMT ref: 003F713E
                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,003F1EEE,?,?,?,?,003F1945,?,00000006), ref: 00400175
                                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00400205
                                                                                                                                                                    • _wcschr.LIBVCRUNTIME ref: 00400213
                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,003F1EEE,00000000,003F200E), ref: 004002B6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4212172061-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • CreateFileW.KERNEL32(?,00000008,00000007,00000000,00000003,02200000,00000000,06E5DBC0,?,?,00000000), ref: 00375C33
                                                                                                                                                                    • DeviceIoControl.KERNEL32 ref: 00375C7A
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00375CB4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 33631002-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 003E029F
                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 003E02A9
                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 003E02B6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000003,?,003F07F8,00000003,00457348,0000000C,003F090B,00000003,00000002,00000000,?,003EE0D3,00000003), ref: 003F0843
                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,003F07F8,00000003,00457348,0000000C,003F090B,00000003,00000002,00000000,?,003EE0D3,00000003), ref: 003F084A
                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 003F085C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,003F1945,?,00000006), ref: 003F9CC4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                    • String ID: GetLocaleInfoEx
                                                                                                                                                                    • API String ID: 2299586839-2904428671
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 002EEF7D
                                                                                                                                                                    • CryptDestroyHash.ADVAPI32(?,?,00000000), ref: 002EEF88
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Crypt$ContextDestroyHashRelease
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3989222877-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F70C0: GetLastError.KERNEL32(?,?,003EC7C4,00457268,00000010), ref: 003F70C4
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F70F7
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F7138
                                                                                                                                                                      • Part of subcall function 003F70C0: _abort.LIBCMT ref: 003F713E
                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(0040047E,00000001,00000000,?,003F1EE7,?,00400AAB,00000000,?,?,?), ref: 004003C8
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1084509184-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F70C0: GetLastError.KERNEL32(?,?,003EC7C4,00457268,00000010), ref: 003F70C4
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F70F7
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F7138
                                                                                                                                                                      • Part of subcall function 003F70C0: _abort.LIBCMT ref: 003F713E
                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(004006CE,00000001,00000006,?,003F1EE7,?,00400A6F,003F1EE7,?,?,?,?,?,003F1EE7,?,?), ref: 0040043D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1084509184-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003ED895: EnterCriticalSection.KERNEL32(?,?,003F6E60,?,00457510,00000008,003F6F2E,?,?,?), ref: 003ED8A4
                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(003F96DF,00000001,00457630,0000000C), ref: 003F975D
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1272433827-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F70C0: GetLastError.KERNEL32(?,?,003EC7C4,00457268,00000010), ref: 003F70C4
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F70F7
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F7138
                                                                                                                                                                      • Part of subcall function 003F70C0: _abort.LIBCMT ref: 003F713E
                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(00400262,00000001,00000006,?,?,00400ACD,003F1EE7,?,?,?,?,?,003F1EE7,?,?,?), ref: 00400342
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1084509184-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 0034002A
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00340053
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 00340065
                                                                                                                                                                    • __allrem.LIBCMT ref: 0034008A
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00340098
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003400A8
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 003400BA
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003400E0
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 003400F2
                                                                                                                                                                    • __allrem.LIBCMT ref: 00340114
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00340122
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00340132
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 00340144
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00340169
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 0034017B
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003401A0
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 003401B2
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003401C9
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 003401DB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$___swprintf_l$__allrem
                                                                                                                                                                    • String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
                                                                                                                                                                    • API String ID: 2797256748-2102732564
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,06E5DBC0,009C2AC0,0037C6FC,?,?,0037C6FC,06E5DBC0), ref: 003803ED
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00380409
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 0038041B
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0038042E
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00380441
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00380450
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0038045F
                                                                                                                                                                    • new.LIBCMT ref: 00380469
                                                                                                                                                                    • new.LIBCMT ref: 003804C3
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                    • String ID: AcquireSRWLockExclusive$InitializeConditionVariable$InitializeSRWLock$ReleaseSRWLockExclusive$SleepConditionVariableSRW$WakeAllConditionVariable$kernel32.dll
                                                                                                                                                                    • API String ID: 667068680-3190095727
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001C,06E5DBC0,74B05520,0040C324), ref: 003708BD
                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001C), ref: 003708D2
                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001C), ref: 003708EE
                                                                                                                                                                    • CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 0037091E
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,SetWaitableTimerEx), ref: 00370968
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0037096F
                                                                                                                                                                    • WaitForMultipleObjectsEx.KERNEL32(00000000,?,00000000,00000000,00000000,06E5DBC0,74B05520,0040C324), ref: 003709F9
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00370A57
                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001C), ref: 00370A8A
                                                                                                                                                                    • ResetEvent.KERNEL32(?), ref: 00370A93
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00370AA2
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00370AB8
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Value$Handle$Close$AddressCreateEventException@8ModuleMultipleObjectsProcResetThrowTimerWaitWaitable
                                                                                                                                                                    • String ID: KERNEL32.DLL$SetWaitableTimerEx
                                                                                                                                                                    • API String ID: 888221587-2877992516
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 003062E5
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_type_info_name
                                                                                                                                                                    • String ID: (unknown)$): $Dynamic exception type: $Throw in function $Throw location unknown (consider using BOOST_THROW_EXCEPTION)$Unknown exception.$`9B$`9B$std::exception::what:
                                                                                                                                                                    • API String ID: 1734802720-2864768508
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: Channel$LineID$Message$ProcessID$Severity$ThreadID$TimeStamp$X2F$d2F
                                                                                                                                                                    • API String ID: 1385522511-4146967494
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,06E5DBC0), ref: 00328F22
                                                                                                                                                                      • Part of subcall function 002EAC10: new.LIBCMT ref: 002EAC3E
                                                                                                                                                                      • Part of subcall function 002EAC10: std::locale::_Init.LIBCPMT ref: 002EAC55
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,?,06E5DBC0), ref: 00328FEE
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0032905A
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorFileInitLastModuleName___std_exception_copystd::locale::_
                                                                                                                                                                    • String ID: $2C$,2C$3Z/$HEB$L2C$T2C$class boost::filesystem::path __cdecl ProcessHelper::GetCurrentProcessPath(void)$couldn't get module file name. error=$src\process_helper.cpp
                                                                                                                                                                    • API String ID: 395332877-3281168915
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000004,00000004,00380FFB,06E5DBC0,00000004,00000004,00000004,0040DFB8,000000FF,?,0037DC41,06E5DBC0,00000000), ref: 00381377
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 0038138F
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 003813A0
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 003813B1
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockShared), ref: 003813C2
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockShared), ref: 003813D3
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                    • String ID: AcquireSRWLockExclusive$AcquireSRWLockShared$InitializeSRWLock$ReleaseSRWLockExclusive$ReleaseSRWLockShared$kernel32.dll
                                                                                                                                                                    • API String ID: 667068680-2154951675
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • _free.LIBCMT ref: 003FEA3C
                                                                                                                                                                      • Part of subcall function 003EE435: RtlFreeHeap.NTDLL(00000000,00000000,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?), ref: 003EE44B
                                                                                                                                                                      • Part of subcall function 003EE435: GetLastError.KERNEL32(?,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?,?), ref: 003EE45D
                                                                                                                                                                    • _free.LIBCMT ref: 003FEA4E
                                                                                                                                                                    • _free.LIBCMT ref: 003FEA60
                                                                                                                                                                    • _free.LIBCMT ref: 003FEA72
                                                                                                                                                                    • _free.LIBCMT ref: 003FEA84
                                                                                                                                                                    • _free.LIBCMT ref: 003FEA96
                                                                                                                                                                    • _free.LIBCMT ref: 003FEAA8
                                                                                                                                                                    • _free.LIBCMT ref: 003FEABA
                                                                                                                                                                    • _free.LIBCMT ref: 003FEACC
                                                                                                                                                                    • _free.LIBCMT ref: 003FEADE
                                                                                                                                                                    • _free.LIBCMT ref: 003FEAF0
                                                                                                                                                                    • _free.LIBCMT ref: 003FEB02
                                                                                                                                                                    • _free.LIBCMT ref: 003FEB14
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,GetTickCount64), ref: 0037044D
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00370454
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037054D
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00370574
                                                                                                                                                                    • __allrem.LIBCMT ref: 0037057F
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003705A6
                                                                                                                                                                    • __allrem.LIBCMT ref: 003705B1
                                                                                                                                                                    • SystemTimeToFileTime.KERNEL32(0000003C,?,00000000,?,0000003C,00000000,?,?,000F4240,00000000,03938700,00000000,D693A400,00000000), ref: 003705C5
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0037061B
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Time__allrem$AddressFileHandleModuleProcSystem
                                                                                                                                                                    • String ID: GetTickCount64$KERNEL32.DLL
                                                                                                                                                                    • API String ID: 2537731104-3320051239
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • _free.LIBCMT ref: 003FF6BA
                                                                                                                                                                      • Part of subcall function 003EE435: RtlFreeHeap.NTDLL(00000000,00000000,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?), ref: 003EE44B
                                                                                                                                                                      • Part of subcall function 003EE435: GetLastError.KERNEL32(?,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?,?), ref: 003EE45D
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEA3C
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEA4E
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEA60
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEA72
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEA84
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEA96
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEAA8
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEABA
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEACC
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEADE
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEAF0
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEB02
                                                                                                                                                                      • Part of subcall function 003FEA1F: _free.LIBCMT ref: 003FEB14
                                                                                                                                                                    • _free.LIBCMT ref: 003FF6DC
                                                                                                                                                                    • _free.LIBCMT ref: 003FF6F1
                                                                                                                                                                    • _free.LIBCMT ref: 003FF6FC
                                                                                                                                                                    • _free.LIBCMT ref: 003FF71E
                                                                                                                                                                    • _free.LIBCMT ref: 003FF731
                                                                                                                                                                    • _free.LIBCMT ref: 003FF73F
                                                                                                                                                                    • _free.LIBCMT ref: 003FF74A
                                                                                                                                                                    • _free.LIBCMT ref: 003FF782
                                                                                                                                                                    • _free.LIBCMT ref: 003FF789
                                                                                                                                                                    • _free.LIBCMT ref: 003FF7A6
                                                                                                                                                                    • _free.LIBCMT ref: 003FF7BE
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                    • Opcode ID: eb0984ba14bfb05d6ebc7e7351c393aa239ce556cae97af51e09bf244efea0ab
                                                                                                                                                                    • Instruction ID: efd10f23f61bbc4f7d484bc4ff1c518025a7a10503d7b2832e6b33a59df8e07b
                                                                                                                                                                    • Opcode Fuzzy Hash: eb0984ba14bfb05d6ebc7e7351c393aa239ce556cae97af51e09bf244efea0ab
                                                                                                                                                                    • Instruction Fuzzy Hash: CA315C316006499FDB22AF3AD845B66B7E8AF00350F95853AE958DB1A1DF79FC448B10
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?), ref: 0036FEE0
                                                                                                                                                                    • OpenEventA.KERNEL32(00100002,00000000,00000000), ref: 0036FEFA
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0036FF0F
                                                                                                                                                                    • ResetEvent.KERNEL32(00000000), ref: 0036FF19
                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,06E5DBC0,74B06580,00000000), ref: 0036FF5A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseEventHandle$CurrentOpenProcessReset
                                                                                                                                                                    • String ID: e-flag
                                                                                                                                                                    • API String ID: 485013868-538632313
                                                                                                                                                                    • Opcode ID: 9c8564fad0da0cbb66214712588e656d94ca28228fba332c2cd4406f9ed33c39
                                                                                                                                                                    • Instruction ID: e95764f969c1db26e80429660df82c3d2c418ae04aee4b9f8b49246ce8b8d70c
                                                                                                                                                                    • Opcode Fuzzy Hash: 9c8564fad0da0cbb66214712588e656d94ca28228fba332c2cd4406f9ed33c39
                                                                                                                                                                    • Instruction Fuzzy Hash: 62719174D043489EDF22CFA8DD447EDBBB4BF19710F158229E818AB252EB345A85CB64
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0034022F
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0034026D
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 003402C5
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003402DD
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00340312
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 00340327
                                                                                                                                                                    • ___swprintf_l.LIBCMT ref: 00340342
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$___swprintf_l
                                                                                                                                                                    • String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd
                                                                                                                                                                    • API String ID: 2070094197-564197712
                                                                                                                                                                    • Opcode ID: 3b706b706834b16f1305b15ecb17a253b55415c20e4728802557664bfa8c7632
                                                                                                                                                                    • Instruction ID: 7389a5b330824c4f9655a6e721252604f0cdf8a62d4b819789602a31461cf15d
                                                                                                                                                                    • Opcode Fuzzy Hash: 3b706b706834b16f1305b15ecb17a253b55415c20e4728802557664bfa8c7632
                                                                                                                                                                    • Instruction Fuzzy Hash: D8411473B002187BEB265D6C9C46FAF7AA9DB84B51F054179FE0CEF281E5B1AD5082D0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Getcvt.LIBCPMT ref: 002FDBEE
                                                                                                                                                                    • __Getcvt.LIBCPMT ref: 002FDC26
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FDC4E
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FDC8C
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FDCCC
                                                                                                                                                                    • numpunct.LIBCPMT ref: 002FDCD4
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FDCDD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Getcvt$Exception@8Thrownumpunct
                                                                                                                                                                    • String ID: L6C$false$true
                                                                                                                                                                    • API String ID: 3191441162-288796306
                                                                                                                                                                    • Opcode ID: 15051d150b294934d54b77d04c947deef1a763cfd7ae7c205665d9cd9b00988b
                                                                                                                                                                    • Instruction ID: 1dd5d00a243a9886c16744cdc9df281a165a670327e34a3830a2e8ba0c16905f
                                                                                                                                                                    • Opcode Fuzzy Hash: 15051d150b294934d54b77d04c947deef1a763cfd7ae7c205665d9cd9b00988b
                                                                                                                                                                    • Instruction Fuzzy Hash: 27414332A042459FCB209F24C44076AFBA2EF85310F1881BED9485B382C7B6A905CBA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,06E5DBC0,000000FF,00000000,00000000,?,00000010,?,00000010,00000000,06E5DBC0), ref: 003E4776
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000010,00000000,06E5DBC0), ref: 003E4783
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003E478A
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,06E5DBC0,000000FF,00000000,?,?,?,00000010,00000000,06E5DBC0), ref: 003E47B6
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000010,00000000,06E5DBC0), ref: 003E47C0
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003E47C7
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,?,00000000,00000000,?,?,?,?,?,?,00000010,00000000), ref: 003E480A
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00000010,00000000,06E5DBC0), ref: 003E4814
                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003E481B
                                                                                                                                                                    • _free.LIBCMT ref: 003E4827
                                                                                                                                                                    • _free.LIBCMT ref: 003E482E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                     • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                     • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2441525078-0
                                                                                                                                                                    • Opcode ID: 600acd080d5595970d3020e992ee292914723a0eb4fb07da641edc10b29dc129
                                                                                                                                                                    • Instruction ID: fa5d43fe90096a4a8f0349e039182442843c5b5e8c4c1260b3e6ba5bc55b71aa
                                                                                                                                                                    • Opcode Fuzzy Hash: 600acd080d5595970d3020e992ee292914723a0eb4fb07da641edc10b29dc129
                                                                                                                                                                    • Instruction Fuzzy Hash: 5531B5318001AABFDF129FA6DC459AF3B6CEF49360F124329F5205A1D1EB318D10CBA1
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • FindCompleteObject.LIBCMT ref: 003D76E0
                                                                                                                                                                    • FindSITargetTypeInstance.LIBVCRUNTIME ref: 003D7704
                                                                                                                                                                    • FindMITargetTypeInstance.LIBVCRUNTIME ref: 003D7719
                                                                                                                                                                      • Part of subcall function 003D7280: PMDtoOffset.LIBCMT ref: 003D734A
                                                                                                                                                                    • FindVITargetTypeInstance.LIBVCRUNTIME ref: 003D7720
                                                                                                                                                                    • PMDtoOffset.LIBCMT ref: 003D7731
                                                                                                                                                                    • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 003D775B
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003D776B
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Find$InstanceTargetType$Offset$CompleteException@8ObjectThrowstd::__non_rtti_object::__construct_from_string_literal
                                                                                                                                                                    • String ID: Bad dynamic_cast!$YYhLzE
                                                                                                                                                                    • API String ID: 528452320-1685974862
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002FACD0: ___std_exception_copy.LIBVCRUNTIME ref: 002FAD13
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FB09E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002FB0E2
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: $5B$05B$85B$h6C$t2B$t2B
                                                                                                                                                                    • API String ID: 2739578831-866769872
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002ECF4E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002ECF92
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser
                                                                                                                                                                    • String ID: D4B$P4B$X4B$X4B$t2B$t2B
                                                                                                                                                                    • API String ID: 2513928553-1134931346
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003F70C0: GetLastError.KERNEL32(?,?,003EC7C4,00457268,00000010), ref: 003F70C4
                                                                                                                                                                      • Part of subcall function 003F70C0: _free.LIBCMT ref: 003F70F7
                                                                                                                                                                      • Part of subcall function 003F70C0: SetLastError.KERNEL32(00000000), ref: 003F7138
                                                                                                                                                                      • Part of subcall function 003F70C0: _abort.LIBCMT ref: 003F713E
                                                                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 003F289E
                                                                                                                                                                    • _free.LIBCMT ref: 003F290F
                                                                                                                                                                    • _free.LIBCMT ref: 003F2928
                                                                                                                                                                    • _free.LIBCMT ref: 003F295A
                                                                                                                                                                    • _free.LIBCMT ref: 003F2963
                                                                                                                                                                    • _free.LIBCMT ref: 003F296F
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ErrorLast$_abort_memcmp
                                                                                                                                                                    • String ID: C
                                                                                                                                                                    • API String ID: 1679612858-1037565863
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00312F20: ___std_exception_copy.LIBVCRUNTIME ref: 00312F63
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0031319E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 003131E2
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: h6C$t2B$t2B$iB$iB
                                                                                                                                                                    • API String ID: 2739578831-2889102755
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002FAAF0: ___std_exception_copy.LIBVCRUNTIME ref: 002FAB33
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FB2AE
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002FB2F2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: h6C$h6C$t2B$t2B$4B
                                                                                                                                                                    • API String ID: 2739578831-2540502438
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002FA770: ___std_exception_copy.LIBVCRUNTIME ref: 002FA7B3
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FB81E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002FB862
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: h6C$t2B$t2B$3B$3B
                                                                                                                                                                    • API String ID: 2739578831-679898995
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002EC7F0: ___std_exception_copy.LIBVCRUNTIME ref: 002EC833
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002ECB2E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002ECB72
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: h6C$h6C$t2B$t2B$WB
                                                                                                                                                                    • API String ID: 2739578831-3653027266
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002EC610: ___std_exception_copy.LIBVCRUNTIME ref: 002EC653
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002ECD3E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002ECD82
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: h6C$h6C$t2B$t2B$|4B
                                                                                                                                                                    • API String ID: 2739578831-1090360205
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00317126
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00317149
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00317169
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003171E3
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00317208
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00317213
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002FA226
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002FA249
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002FA269
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FA2E3
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002FA308
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002FA313
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002FA576
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002FA599
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002FA5B9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FA633
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002FA658
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002FA663
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00324756
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00324779
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00324799
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00324813
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00324838
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00324843
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002EB786
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002EB7A9
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002EB7C9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002EB843
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002EB868
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002EB873
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002F2D26
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002F2D49
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002F2D69
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002F2DE3
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002F2E08
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002F2E13
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00300DA6
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00300DC9
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00300DE9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00300E63
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00300E88
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00300E93
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002F2E76
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002F2E99
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002F2EB9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002F2F33
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002F2F58
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002F2F63
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002F2FD6
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 002F2FF9
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002F3019
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002F3093
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 002F30B8
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 002F30C3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                                                                                                                                                    • String ID: bad cast
                                                                                                                                                                    • API String ID: 2536120697-3145022300
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002E3035
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002E3062
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002E308F
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002E30BC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                    • API String ID: 2005118841-1866435925
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F40BD
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Release,00000000,00000000,00000000,00000004), ref: 002F40DD
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F40EA
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F4101
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: O$Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-934053027
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A72B
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A735
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • moneypunct.LIBCPMT ref: 0036A76F
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A78C
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A7AB
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A7B4
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
                                                                                                                                                                    • String ID: T-F
                                                                                                                                                                    • API String ID: 113178234-727834932
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A7C8
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A7D2
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • moneypunct.LIBCPMT ref: 0036A80C
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A829
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A848
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A851
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmoneypunct
                                                                                                                                                                    • String ID: P-F
                                                                                                                                                                    • API String ID: 113178234-745032168
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetConsoleCP.KERNEL32(?,003E8E48,E0830C40,?,?,?,?,?,?,003F438B,0035C84E,003E8E48,?,003E8E48,003E8E48,0035C84E), ref: 003F3C58
                                                                                                                                                                    • __fassign.LIBCMT ref: 003F3CD3
                                                                                                                                                                    • __fassign.LIBCMT ref: 003F3CEE
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,003E8E48,00000001,?,00000005,00000000,00000000), ref: 003F3D14
                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,003F438B,00000000,?,?,?,?,?,?,?,?,?,003F438B,0035C84E), ref: 003F3D33
                                                                                                                                                                    • WriteFile.KERNEL32(?,0035C84E,00000001,003F438B,00000000,?,?,?,?,?,?,?,?,?,003F438B,0035C84E), ref: 003F3D6C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1324828854-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Getcvt$Concurrency::cancel_current_task
                                                                                                                                                                    • String ID: L6C$false$true
                                                                                                                                                                    • API String ID: 1267538876-288796306
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002FA910: ___std_exception_copy.LIBVCRUNTIME ref: 002FA953
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002FB60E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002FB652
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: 4B$h6C$t2B$t2B
                                                                                                                                                                    • API String ID: 2739578831-1157574978
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002F9400: __CxxThrowException@8.LIBVCRUNTIME ref: 002F944E
                                                                                                                                                                      • Part of subcall function 003D4870: ___std_exception_copy.LIBVCRUNTIME ref: 003D48B3
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003D4EBE
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 003D4F25
                                                                                                                                                                      • Part of subcall function 003129A0: __CxxThrowException@8.LIBVCRUNTIME ref: 003129EE
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw$___std_exception_copy$DispatcherExceptionUser
                                                                                                                                                                    • String ID: @wB$LwB$`wB$t2B
                                                                                                                                                                    • API String ID: 2581116207-2807759105
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0037FB8C
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0037FBFD
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: I2F$L2F$L2F$L2F
                                                                                                                                                                    • API String ID: 1385522511-2129159754
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0037D04A
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0037D0BB
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: 02F$42F$42F$42F
                                                                                                                                                                    • API String ID: 1385522511-3477258139
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003FF15E: _free.LIBCMT ref: 003FF187
                                                                                                                                                                    • _free.LIBCMT ref: 003FF465
                                                                                                                                                                      • Part of subcall function 003EE435: RtlFreeHeap.NTDLL(00000000,00000000,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?), ref: 003EE44B
                                                                                                                                                                      • Part of subcall function 003EE435: GetLastError.KERNEL32(?,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?,?), ref: 003EE45D
                                                                                                                                                                    • _free.LIBCMT ref: 003FF470
                                                                                                                                                                    • _free.LIBCMT ref: 003FF47B
                                                                                                                                                                    • _free.LIBCMT ref: 003FF4CF
                                                                                                                                                                    • _free.LIBCMT ref: 003FF4DA
                                                                                                                                                                    • _free.LIBCMT ref: 003FF4E5
                                                                                                                                                                    • _free.LIBCMT ref: 003FF4F0
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F416D
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Release,00000000,00000000,00000000,00000004), ref: 002F418D
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F419A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F41B1
                                                                                                                                                                    Strings
                                                                                                                                                                    • Release, xrefs: 002F4185
                                                                                                                                                                    • Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 002F4153
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-1522824743
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F421D
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Release,00000000,00000000,00000000,00000004), ref: 002F423D
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F424A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F4261
                                                                                                                                                                    Strings
                                                                                                                                                                    • Release, xrefs: 002F4235
                                                                                                                                                                    • Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 002F4203
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-1522824743
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\NET Framework Setup\NDP\v4\Full,00000000,00020019,?), ref: 002F400D
                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Release,00000000,00000000,00000000,00000004), ref: 002F402D
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F403A
                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002F4051
                                                                                                                                                                    Strings
                                                                                                                                                                    • Release, xrefs: 002F4025
                                                                                                                                                                    • Software\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 002F3FF3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Close$OpenQueryValue
                                                                                                                                                                    • String ID: Release$Software\Microsoft\NET Framework Setup\NDP\v4\Full
                                                                                                                                                                    • API String ID: 1607946009-1522824743
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A5F1
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A5FB
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A652
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A671
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A67A
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                                                                                                                                                    • String ID: H-F
                                                                                                                                                                    • API String ID: 651022567-1046330144
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A68E
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A698
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A6EF
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A70E
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A717
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                                                                                                                                                    • String ID: L-F
                                                                                                                                                                    • API String ID: 651022567-961811452
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A865
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A86F
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A8C6
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A8E5
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A8EE
                                                                                                                                                                    Strings
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrow
                                                                                                                                                                    • String ID: X-F
                                                                                                                                                                    • API String ID: 651022567-578492496
                                                                                                                                                                    • Opcode ID: 2d1684ecd0bf15bc607a52f66aaf1dc226f4a7bcdd95ce32b318a8e8f5f68f1d
                                                                                                                                                                    • Instruction ID: f0463d89fe61587146276f0a5a2c27b3f3f337110f331958b823bde96c1551d9
                                                                                                                                                                    • Opcode Fuzzy Hash: 2d1684ecd0bf15bc607a52f66aaf1dc226f4a7bcdd95ce32b318a8e8f5f68f1d
                                                                                                                                                                    • Instruction Fuzzy Hash: 27010072900A149BCF0BEB60C952ABEB775BF80710F108019F4117F2A2DFB89E059F92
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,003E2A1C,003E2A1C,?,?,?,003F7532,00000001,00000001,05E85006), ref: 003F733B
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,003F7532,00000001,00000001,05E85006,?,?,?), ref: 003F73C1
                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,05E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003F74BB
                                                                                                                                                                    • __freea.LIBCMT ref: 003F74C8
                                                                                                                                                                      • Part of subcall function 003EE0D4: RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,003F7143), ref: 003EE106
                                                                                                                                                                    • __freea.LIBCMT ref: 003F74D1
                                                                                                                                                                    • __freea.LIBCMT ref: 003F74F6
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1414292761-0
                                                                                                                                                                    • Opcode ID: 6c30ed8e280d2361ed29cf76de7b4809ff93547d21116622684bdbbab58e9541
                                                                                                                                                                    • Instruction ID: b38a3e3d8e0888e24677c5119116dc8b1b47efbb63db85c43de5a705cce95461
                                                                                                                                                                    • Opcode Fuzzy Hash: 6c30ed8e280d2361ed29cf76de7b4809ff93547d21116622684bdbbab58e9541
                                                                                                                                                                    • Instruction Fuzzy Hash: 5E51E77261421AABEB268F65CC41EBF7BA9EB44710F164629FE08DB150EB34DC44D690
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                                                                    • String ID: h>
                                                                                                                                                                    • API String ID: 1036877536-2181805739
                                                                                                                                                                    • Opcode ID: bacb49af849d453d89457771667fe0873e521666b74159adbfda90990a9e16e3
                                                                                                                                                                    • Instruction ID: 931e1300e8bf560079840aaa490c6a0b48b614d979ceeed2c12eb07a46f965ed
                                                                                                                                                                    • Opcode Fuzzy Hash: bacb49af849d453d89457771667fe0873e521666b74159adbfda90990a9e16e3
                                                                                                                                                                    • Instruction Fuzzy Hash: AAA16A72A0838A9FE727CF18C8817BEBBF5EF51354F15416EE6459B281C2788D41C750
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00301B5A
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00301B6E
                                                                                                                                                                    • __allrem.LIBCMT ref: 00301B79
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00301B8D
                                                                                                                                                                    • __allrem.LIBCMT ref: 00301B98
                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00301BAD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 632788072-0
                                                                                                                                                                    • Opcode ID: 32b8263a8a51ee52edc108f6ebf6f374599506375fb4cd60c3b17584820dfdd4
                                                                                                                                                                    • Instruction ID: 7663aa7d327cd4f3834a98f7ada9d71e50858ea9502e0a1c7e3330e6266915de
                                                                                                                                                                    • Opcode Fuzzy Hash: 32b8263a8a51ee52edc108f6ebf6f374599506375fb4cd60c3b17584820dfdd4
                                                                                                                                                                    • Instruction Fuzzy Hash: 1501DD716403007EEB225F548C07F27BB69EF45710F108125FA086E1D6D765B92097D8
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A4B7
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A4C1
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • collate.LIBCPMT ref: 0036A4FB
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A518
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A537
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A540
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowcollate
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2363045490-0
                                                                                                                                                                    • Opcode ID: 1b217749077881e0a47179b98012a229946a1350d3d6089f7a1ff09df1ad1b85
                                                                                                                                                                    • Instruction ID: 6f02a181ab00c303db0c63b329c05bc1846e21f05a1639df5fae6ce3d3d3aeae
                                                                                                                                                                    • Opcode Fuzzy Hash: 1b217749077881e0a47179b98012a229946a1350d3d6089f7a1ff09df1ad1b85
                                                                                                                                                                    • Instruction Fuzzy Hash: 2201E1729005559BCF07EB60D842ABDB375AF80320F50801AF5127F2A2DFB8AE04DF91
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 0036A554
                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036A55E
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::_Lockit.LIBCPMT ref: 002E27FD
                                                                                                                                                                      • Part of subcall function 002E27E0: std::_Lockit::~_Lockit.LIBCPMT ref: 002E2819
                                                                                                                                                                    • messages.LIBCPMT ref: 0036A598
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0036A5B5
                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036A5D4
                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036A5DD
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_H_prolog3RegisterThrowmessages
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 438560357-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003260E9
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003260C2
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00326110
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw$DispatcherExceptionUser
                                                                                                                                                                    • String ID: L>F$L>F
                                                                                                                                                                    • API String ID: 4200477539-2142156882
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: 2F
                                                                                                                                                                    • API String ID: 1385522511-3049467686
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002EAC10: new.LIBCMT ref: 002EAC3E
                                                                                                                                                                      • Part of subcall function 002EAC10: std::locale::_Init.LIBCPMT ref: 002EAC55
                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00306A4E
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InitIos_base_dtorstd::ios_base::_std::locale::_
                                                                                                                                                                    • String ID: <unspecified file>$HEB$L2C$T2C
                                                                                                                                                                    • API String ID: 3469404174-2741267636
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 0031846A
                                                                                                                                                                    Strings
                                                                                                                                                                    • class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::string_path<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct boost::property_tree::id_transla, xrefs: 00318381
                                                                                                                                                                    • conversion of data to type ", xrefs: 0031843A
                                                                                                                                                                    • class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std, xrefs: 003184AD
                                                                                                                                                                    • " failed, xrefs: 00318480
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_type_info_name
                                                                                                                                                                    • String ID: " failed$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std$class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > __thiscall boost::property_tree::string_path<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct boost::property_tree::id_transla$conversion of data to type "
                                                                                                                                                                    • API String ID: 1734802720-1946069150
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,GetTickCount64,00000000,06E5DBC0,74B05520,0040C324), ref: 00371210
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00371217
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                    • String ID: GetTickCount64$KERNEL32.DLL
                                                                                                                                                                    • API String ID: 1646373207-3320051239
                                                                                                                                                                    • Opcode ID: e8535e37e765efa64440a40bf8ac406ff905c38fa486289aaecfb11cb510fcb2
                                                                                                                                                                    • Instruction ID: 2425a8e227eef9cf634b1d75cd58c24e44a53d9585d6d4d7775ba4a29930e290
                                                                                                                                                                    • Opcode Fuzzy Hash: e8535e37e765efa64440a40bf8ac406ff905c38fa486289aaecfb11cb510fcb2
                                                                                                                                                                    • Instruction Fuzzy Hash: CE310573A042009BD736DB2CD884B5A7BE5EBD5360F15CA2DF05AC72E2D778D8448745
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0030FE4C
                                                                                                                                                                      • Part of subcall function 003111B0: __CxxThrowException@8.LIBVCRUNTIME ref: 00311204
                                                                                                                                                                      • Part of subcall function 002F54E0: CloseHandle.KERNEL32(00000000,06E5DBC0), ref: 002F5535
                                                                                                                                                                      • Part of subcall function 002F54E0: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,06E5DBC0,?,?,?,06E5DBC0,?,00370E1D,06E5DBC0), ref: 002F5547
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0030FEB7
                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0030FEF2
                                                                                                                                                                      • Part of subcall function 00372720: __Init_thread_footer.LIBCMT ref: 00372783
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy$CloseCurrentException@8HandleInit_thread_footerObjectSingleThreadThrowWait
                                                                                                                                                                    • String ID: PC$$
                                                                                                                                                                    • API String ID: 169746467-1943658837
                                                                                                                                                                    • Opcode ID: bdaf0b8cbb7d16dc5a782686dcc518f8d68db925afaefafdba903a94f2956c11
                                                                                                                                                                    • Instruction ID: 7e63a905f9c63537b2f8983d0da302212d30f0a07d9ca0746f86ba1e5a1d4847
                                                                                                                                                                    • Opcode Fuzzy Hash: bdaf0b8cbb7d16dc5a782686dcc518f8d68db925afaefafdba903a94f2956c11
                                                                                                                                                                    • Instruction Fuzzy Hash: 23416DB1D002589FCB21DFA4D5457DEFBF8EF08314F60822AE814A7682D7B95548CFA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___swprintf_l
                                                                                                                                                                    • String ID: Data$Header$[%s %s %s]$from
                                                                                                                                                                    • API String ID: 48624451-3178933089
                                                                                                                                                                    • Opcode ID: 981a8bde1e4bf8ac301ae56ac2914436b1dbd9811ee2de579cb5d6c3ddfaf0aa
                                                                                                                                                                    • Instruction ID: 86ec1b8430969c0ce723bf0d694c22dc9d53e22914f314a794c4b8a816709aad
                                                                                                                                                                    • Opcode Fuzzy Hash: 981a8bde1e4bf8ac301ae56ac2914436b1dbd9811ee2de579cb5d6c3ddfaf0aa
                                                                                                                                                                    • Instruction Fuzzy Hash: F41105B5A10208AFDB16DE28DC92BFA73ACEF85310F04C1ADF9455B241E731AE5087A5
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,003F0858,00000003,?,003F07F8,00000003,00457348,0000000C,003F090B,00000003,00000002), ref: 003F0883
                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 003F0896
                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,003F0858,00000003,?,003F07F8,00000003,00457348,0000000C,003F090B,00000003,00000002,00000000), ref: 003F08B9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                    • Opcode ID: e19dfaa7c8b1a64cabb04fc57341cb07944018b503269fc70bb6ec885073c0a3
                                                                                                                                                                    • Instruction ID: 78b5f283cb56019da2e6d14eb9fc45f89e0fbc09c20ba9110d42cf67f9652048
                                                                                                                                                                    • Opcode Fuzzy Hash: e19dfaa7c8b1a64cabb04fc57341cb07944018b503269fc70bb6ec885073c0a3
                                                                                                                                                                    • Instruction Fuzzy Hash: 7CF0AF31A0021CBFDB169F94DC09BEEBFB8EF04751F118179F809A2251CF359A41CA99
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 003D77BD
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003D77CD
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • std::__non_rtti_object::__construct_from_string_literal.LIBVCRUNTIME ref: 003D77F8
                                                                                                                                                                    Strings
                                                                                                                                                                    • Bad read pointer - no RTTI data!, xrefs: 003D77EF
                                                                                                                                                                    • Attempted a typeid of nullptr pointer!, xrefs: 003D77B4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::__non_rtti_object::__construct_from_string_literal$DispatcherExceptionException@8ThrowUser
                                                                                                                                                                    • String ID: Attempted a typeid of nullptr pointer!$Bad read pointer - no RTTI data!
                                                                                                                                                                    • API String ID: 2590406442-4195314292
                                                                                                                                                                    • Opcode ID: 6e912b3f3f0079c78841cda1d920ec2b2586f6b166b63c658bcc6761e04d1824
                                                                                                                                                                    • Instruction ID: 12f24ab488ff41ced797aee26f44754dc6fd3bb93332e18999447c4c0f50e28d
                                                                                                                                                                    • Opcode Fuzzy Hash: 6e912b3f3f0079c78841cda1d920ec2b2586f6b166b63c658bcc6761e04d1824
                                                                                                                                                                    • Instruction Fuzzy Hash: 2EF09033708304AEDB11DAA4E846E9D73E8AB04F11BB08447F500AB2C1FB78EE089618
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a0d33ed94d6262f603277789262fcc7d312d02a44e5786710ae469f6d86179b0
                                                                                                                                                                    • Instruction ID: 4ec62cdd002524f807282aa84316a94d35f7bff8dc51c442f130051ff0f1f833
                                                                                                                                                                    • Opcode Fuzzy Hash: a0d33ed94d6262f603277789262fcc7d312d02a44e5786710ae469f6d86179b0
                                                                                                                                                                    • Instruction Fuzzy Hash: 9571B1B590025EDBCF328F55C885ABFFB79EF45310F264269EA1067295DB708D41CBA0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00385CFE
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                      • Part of subcall function 00383BA0: ___std_exception_copy.LIBVCRUNTIME ref: 00383BC7
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00385D5E
                                                                                                                                                                      • Part of subcall function 00383C10: ___std_exception_copy.LIBVCRUNTIME ref: 00383C37
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00385DBE
                                                                                                                                                                      • Part of subcall function 00383C80: ___std_exception_copy.LIBVCRUNTIME ref: 00383CA7
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00385E1E
                                                                                                                                                                      • Part of subcall function 00383D10: ___std_exception_copy.LIBVCRUNTIME ref: 00383D37
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00385E7E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw$___std_exception_copy$DispatcherExceptionUser
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2581116207-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,003E4D6E,003EDB52,?,003F70EE,00000001,00000364,?,003EC7C4,00457268,00000010), ref: 003F7149
                                                                                                                                                                    • _free.LIBCMT ref: 003F717E
                                                                                                                                                                    • _free.LIBCMT ref: 003F71A5
                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 003F71B2
                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 003F71BB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3170660625-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • _free.LIBCMT ref: 003FEEF1
                                                                                                                                                                      • Part of subcall function 003EE435: RtlFreeHeap.NTDLL(00000000,00000000,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?), ref: 003EE44B
                                                                                                                                                                      • Part of subcall function 003EE435: GetLastError.KERNEL32(?,?,003FF18C,?,00000000,?,00000000,?,003FF430,?,00000007,?,?,003FF819,?,?), ref: 003EE45D
                                                                                                                                                                    • _free.LIBCMT ref: 003FEF03
                                                                                                                                                                    • _free.LIBCMT ref: 003FEF15
                                                                                                                                                                    • _free.LIBCMT ref: 003FEF27
                                                                                                                                                                    • _free.LIBCMT ref: 003FEF39
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: __freea$_free
                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                    • API String ID: 3432400110-3206640213
                                                                                                                                                                    • Opcode ID: 6de2c1659bb7bf491b9914bc48f5f2cf5832a9ad43d6f60ac5cd3221ca0006da
                                                                                                                                                                    • Instruction ID: d8803f36e62981f34b7963d1d09d31d6e1517dc48c0004ac3cac487e60186fba
                                                                                                                                                                    • Opcode Fuzzy Hash: 6de2c1659bb7bf491b9914bc48f5f2cf5832a9ad43d6f60ac5cd3221ca0006da
                                                                                                                                                                    • Instruction Fuzzy Hash: 2CD127329002A6DFDB2A9F6AC855BBAB7B4FF05300F25437AE9059B6D0D3B59D40CB50
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 003C8891
                                                                                                                                                                    • new.LIBCMT ref: 003C89AE
                                                                                                                                                                      • Part of subcall function 003C51C0: new.LIBCMT ref: 003C51C2
                                                                                                                                                                      • Part of subcall function 003C5100: new.LIBCMT ref: 003C5102
                                                                                                                                                                      • Part of subcall function 00372A71: __onexit.LIBCMT ref: 00372A77
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer__onexit
                                                                                                                                                                    • String ID: ::<$list<T> too long
                                                                                                                                                                    • API String ID: 1881088180-3291033661
                                                                                                                                                                    • Opcode ID: 73c342984b2d29bc43a9e9b562070c6e598d5df282a5fec5a84085d2a8d3ab40
                                                                                                                                                                    • Instruction ID: 8eb1b52108411984bf94e32cdd76594ab48c79e08a71d4c1894d3107ed5e630f
                                                                                                                                                                    • Opcode Fuzzy Hash: 73c342984b2d29bc43a9e9b562070c6e598d5df282a5fec5a84085d2a8d3ab40
                                                                                                                                                                    • Instruction Fuzzy Hash: 5BD17974A00245AFCB16DF58C880BADB7B5FF48325F15816DE806EB384EB75AE04CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 003B56EA
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003B57D5
                                                                                                                                                                    • IsValidCodePage.KERNEL32(?,?,?,06E5DBC0,00000000,00000000,00000000), ref: 003B5891
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CodeException@8PageThrowValid
                                                                                                                                                                    • String ID: or
                                                                                                                                                                    • API String ID: 1505816564-3835348867
                                                                                                                                                                    • Opcode ID: caf345634e88c58c3ddb14fc4445947007e717dd3094cc5908a6fb737cccb607
                                                                                                                                                                    • Instruction ID: 64bdb52f0674a10683dfeefa830ab8551e169ad9d5ffd05e3bb140c059f7b49c
                                                                                                                                                                    • Opcode Fuzzy Hash: caf345634e88c58c3ddb14fc4445947007e717dd3094cc5908a6fb737cccb607
                                                                                                                                                                    • Instruction Fuzzy Hash: DB71E671A00249DFCB21CFA4C885BEEBBF9EF08724F144629E915A7781D735A944CBA0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: <2C
                                                                                                                                                                    • API String ID: 0-3499459005
                                                                                                                                                                    • Opcode ID: e61b30113d9ac181665e7f2373cf42564e2a2c43a13220dd87e17b129af1e14a
                                                                                                                                                                    • Instruction ID: 55ecb952182fa975b8601f393df16637b7f49bc771779a3251d91241adccc624
                                                                                                                                                                    • Opcode Fuzzy Hash: e61b30113d9ac181665e7f2373cf42564e2a2c43a13220dd87e17b129af1e14a
                                                                                                                                                                    • Instruction Fuzzy Hash: 4651FE706002858FCB24DF69D484B5ABBE8FB08314F40856EF909CB781D376F954CB95
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0031C1E0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0031C33C
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 00319216
                                                                                                                                                                    Strings
                                                                                                                                                                    • conversion of type ", xrefs: 003191EC
                                                                                                                                                                    • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 0031925C
                                                                                                                                                                    • " to data failed, xrefs: 0031922C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Ios_base_dtor___std_type_info_namestd::ios_base::_
                                                                                                                                                                    • String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                                                                                                                                                    • API String ID: 2756934762-3578818472
                                                                                                                                                                    • Opcode ID: 1785dd3e3c0a3b0a7ba97a623f94b4d6031d68d55e1545de3508bd39d23f1f2d
                                                                                                                                                                    • Instruction ID: 3d0dd9c675c52b9048503bb84590672847ea67952954cb49dcae7bf95948cfc9
                                                                                                                                                                    • Opcode Fuzzy Hash: 1785dd3e3c0a3b0a7ba97a623f94b4d6031d68d55e1545de3508bd39d23f1f2d
                                                                                                                                                                    • Instruction Fuzzy Hash: 8841D871904248FFDB19DBA4CC55FDFBBB8AF09304F10416AE811AB2C1DB756A44C791
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0031C050: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0031C1AC
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 00319366
                                                                                                                                                                    Strings
                                                                                                                                                                    • conversion of type ", xrefs: 0031933C
                                                                                                                                                                    • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 003193AC
                                                                                                                                                                    • " to data failed, xrefs: 0031937C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Ios_base_dtor___std_type_info_namestd::ios_base::_
                                                                                                                                                                    • String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                                                                                                                                                    • API String ID: 2756934762-3578818472
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0031BD20: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0031BE7C
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 0031A9F6
                                                                                                                                                                    Strings
                                                                                                                                                                    • conversion of type ", xrefs: 0031A9CC
                                                                                                                                                                    • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 0031AA3C
                                                                                                                                                                    • " to data failed, xrefs: 0031AA0C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Ios_base_dtor___std_type_info_namestd::ios_base::_
                                                                                                                                                                    • String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                                                                                                                                                    • API String ID: 2756934762-3578818472
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0031BB90: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0031BCEC
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 0031AB46
                                                                                                                                                                    Strings
                                                                                                                                                                    • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 0031AB8C
                                                                                                                                                                    • conversion of type ", xrefs: 0031AB1C
                                                                                                                                                                    • " to data failed, xrefs: 0031AB5C
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Ios_base_dtor___std_type_info_namestd::ios_base::_
                                                                                                                                                                    • String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                                                                                                                                                    • API String ID: 2756934762-3578818472
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003133FE
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 00313442
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser
                                                                                                                                                                    • String ID: t2B$t2B
                                                                                                                                                                    • API String ID: 2513928553-3888122593
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 00318595
                                                                                                                                                                    Strings
                                                                                                                                                                    • conversion of data to type ", xrefs: 00318568
                                                                                                                                                                    • bool __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 003185D5
                                                                                                                                                                    • " failed, xrefs: 003185AB
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_type_info_name
                                                                                                                                                                    • String ID: " failed$bool __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_$conversion of data to type "
                                                                                                                                                                    • API String ID: 1734802720-918919259
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_type_info_name.LIBVCRUNTIME ref: 00318DF3
                                                                                                                                                                    Strings
                                                                                                                                                                    • conversion of type ", xrefs: 00318DC9
                                                                                                                                                                    • void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_, xrefs: 00318E36
                                                                                                                                                                    • " to data failed, xrefs: 00318E06
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_type_info_name
                                                                                                                                                                    • String ID: " to data failed$conversion of type "$void __thiscall boost::property_tree::basic_ptree<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> >,struct std::less<class std::basic_
                                                                                                                                                                    • API String ID: 1734802720-3578818472
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002EE590: ___std_exception_copy.LIBVCRUNTIME ref: 002EE5D3
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 002EE84E
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    • new.LIBCMT ref: 002EE888
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: h6C$t2B
                                                                                                                                                                    • API String ID: 2739578831-3780089853
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000,06E5DBC0), ref: 00374B02
                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000,00300B28), ref: 00374B3D
                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00374B47
                                                                                                                                                                    Strings
                                                                                                                                                                    • boost::filesystem::current_path, xrefs: 00374B51
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CurrentDirectory$ErrorLast
                                                                                                                                                                    • String ID: boost::filesystem::current_path
                                                                                                                                                                    • API String ID: 1128942804-4026011040
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00324C73
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: 9Z2$dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-2702590916
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 0031AD43
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: 91$dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-216996581
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002FA7B3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2B$yM/
                                                                                                                                                                    • API String ID: 2659868963-36141450
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002EE5D3
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: I.$dPB$l2B
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 003CAE6E
                                                                                                                                                                      • Part of subcall function 003C87C0: __Init_thread_footer.LIBCMT ref: 003C8891
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer___std_exception_copy
                                                                                                                                                                    • String ID: "<$::<$::<
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002FB207
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: 05B$dPB$l2B
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 00313307
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B$iB
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002FB987
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B$3B
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002ECC97
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B$WB
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ConvertString_com_issue_error_com_util::
                                                                                                                                                                    • String ID: WQL
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • TlsAlloc.KERNEL32(00000000,0037FBEE,00000000), ref: 00393F83
                                                                                                                                                                    • TlsFree.KERNEL32(?,06E5DBC0,00000000,00404730,000000FF,?,libs\log\src\thread_specific.cpp,00000029,TLS capacity depleted,0000000C), ref: 00393FD4
                                                                                                                                                                    Strings
                                                                                                                                                                    • libs\log\src\thread_specific.cpp, xrefs: 00393F9D
                                                                                                                                                                    • TLS capacity depleted, xrefs: 00393F96
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocFree
                                                                                                                                                                    • String ID: TLS capacity depleted$libs\log\src\thread_specific.cpp
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Getcvt.LIBCPMT ref: 0035C4BB
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(002EF2FE,00000009,?,00000002,?,00000000,?,00000001,?), ref: 0035C509
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(002EF2FE,00000009,00000001,8514C483,?,00000000,?,00000001,?), ref: 0035C57B
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(002EF2FE,00000009,00000001,00000001,?,00000000,?,00000001,?), ref: 0035C5A3
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$Getcvt
                                                                                                                                                                    • String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000006,00000000,0000007F,0042A9F0,00000000,00000000,8B56FF8B,003F1945,?,00000006,00000001,0042A9F0,0000007F,?,8B56FF8B,00000001), ref: 003FBFA3
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003FC02C
                                                                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 003FC03E
                                                                                                                                                                    • __freea.LIBCMT ref: 003FC047
                                                                                                                                                                      • Part of subcall function 003EE0D4: RtlAllocateHeap.NTDLL(00000000,00000003,00000000,?,00000003,003F7143), ref: 003EE106
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                    • String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002F54E0: CloseHandle.KERNEL32(00000000,06E5DBC0), ref: 002F5535
                                                                                                                                                                      • Part of subcall function 002F54E0: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,06E5DBC0,?,?,?,06E5DBC0,?,00370E1D,06E5DBC0), ref: 002F5547
                                                                                                                                                                    • ReleaseSemaphore.KERNEL32(?,?,00000000,06E5DBC0,?,?,?,?,00000000,0040C412,000000FF,?,00370F17), ref: 003710D4
                                                                                                                                                                    • ReleaseSemaphore.KERNEL32(?,?,00000000,?,?,?,?,00000000,0040C412,000000FF,?,00370F17), ref: 003710F5
                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00371137
                                                                                                                                                                    • SetEvent.KERNEL32(00000000), ref: 00371171
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CloseHandleReleaseSemaphore$EventObjectSingleWait
                                                                                                                                                                    • String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 003107EC
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0031086B
                                                                                                                                                                      • Part of subcall function 0035BA78: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BA8F
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00310870
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3339364867-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 002EA4D8
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002EA549
                                                                                                                                                                      • Part of subcall function 0035BA78: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BA8F
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002EA54E
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3339364867-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 002FE6C6
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FE730
                                                                                                                                                                      • Part of subcall function 0035BA78: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BA8F
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FE735
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3339364867-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 0031DDB6
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0031DE20
                                                                                                                                                                      • Part of subcall function 0035BA78: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BA8F
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0031DE25
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3339364867-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 002FE776
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FE7E2
                                                                                                                                                                      • Part of subcall function 0035BA78: __CxxThrowException@8.LIBVCRUNTIME ref: 0035BA8F
                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 002FE7E7
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$Exception@8Throw
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3339364867-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: _com_issue_error$AllocString
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 245909816-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,003F982E,?,00000000,00000000,00000000,?,003F9B5A,00000006,FlsSetValue), ref: 003F98B9
                                                                                                                                                                    • GetLastError.KERNEL32(?,003F982E,?,00000000,00000000,00000000,?,003F9B5A,00000006,FlsSetValue,0042B710,0042B718,00000000,00000364,?,003F7192), ref: 003F98C5
                                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,003F982E,?,00000000,00000000,00000000,?,003F9B5A,00000006,FlsSetValue,0042B710,0042B718,00000000), ref: 003F98D3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3177248105-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c3b405721609de0dd6f7c7bd127657b07f032d3544c59e99076ea7aefd569c71
                                                                                                                                                                    • Instruction ID: ccb00d0bee258f35578a7c5286368c96c536307db3e6d74d4abc8ec3aea8eb8e
                                                                                                                                                                    • Opcode Fuzzy Hash: c3b405721609de0dd6f7c7bd127657b07f032d3544c59e99076ea7aefd569c71
                                                                                                                                                                    • Instruction Fuzzy Hash: 16F0ECB36041046B9F2FE7786852EAE72888BB4350B01463EF52FCA291F735E9D5C255
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 697adb2a7490e7bba972daeeebb49143875acc5a87266bd8365fea4e93a190d5
                                                                                                                                                                    • Instruction ID: 3684d7807daf869a67fe428d4184b0b12b9acd9192b0ab84ac0910e7e9cd0c64
                                                                                                                                                                    • Opcode Fuzzy Hash: 697adb2a7490e7bba972daeeebb49143875acc5a87266bd8365fea4e93a190d5
                                                                                                                                                                    • Instruction Fuzzy Hash: 9CF027B26142080BDA2DFB746847D3EB2888B603D0705423AF61ECA2B2F632E864C255
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 41de2cd2c8271a2e1a6479b68efe259301aa6e378b82bfa9e165e0d1979330e1
                                                                                                                                                                    • Instruction ID: 8e88f449866992b84eafd63961771b2430766b3da3db98257555156211093e11
                                                                                                                                                                    • Opcode Fuzzy Hash: 41de2cd2c8271a2e1a6479b68efe259301aa6e378b82bfa9e165e0d1979330e1
                                                                                                                                                                    • Instruction Fuzzy Hash: 64F0B4B560019446DB2EE7728557F6E62C8CF90306F01857DB507CA493EB64EC658362
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8553e1fd540f993b3b77b63ee82f40b9039e15202eb2cbebb504e9f3b25d1f5d
                                                                                                                                                                    • Instruction ID: fe3b5f39be9e5ec6ea4a004c23b515b6e124c60b90cc42439242234c548ca280
                                                                                                                                                                    • Opcode Fuzzy Hash: 8553e1fd540f993b3b77b63ee82f40b9039e15202eb2cbebb504e9f3b25d1f5d
                                                                                                                                                                    • Instruction Fuzzy Hash: D8F02EB15541444FD61DE779A542D3F73C8CB60350780413BF00ECB151FB32E968C255
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 003C5190: new.LIBCMT ref: 003C5192
                                                                                                                                                                      • Part of subcall function 003D5860: LoadLibraryA.KERNEL32(?), ref: 003D587C
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 003C3D74
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 003C3DC9
                                                                                                                                                                    Strings
                                                                                                                                                                    • Unable to open message catalog: , xrefs: 003C3D29
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: LibraryLoad___std_exception_copy___std_exception_destroy
                                                                                                                                                                    • String ID: Unable to open message catalog:
                                                                                                                                                                    • API String ID: 2927770020-3361316291
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: deque<T> too long$list<T> too long
                                                                                                                                                                    • API String ID: 0-27806271
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 003EE2BD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                                                                    • String ID: pow
                                                                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003262BB
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                    • String ID: L>F
                                                                                                                                                                    • API String ID: 2005118841-1488671342
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 0037D8BE
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                      • Part of subcall function 0037D410: ___std_exception_copy.LIBVCRUNTIME ref: 0037D437
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: (@B$t2B
                                                                                                                                                                    • API String ID: 2739578831-1163863528
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00323B8D
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                                                    • String ID: L>F
                                                                                                                                                                    • API String ID: 2005118841-1488671342
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00379320: __Init_thread_footer.LIBCMT ref: 0037938A
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00379022
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00379059
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8Init_thread_footerThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: 2B
                                                                                                                                                                    • API String ID: 1712276224-2442387537
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: _K7
                                                                                                                                                                    • API String ID: 2659868963-865174366
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003D46FE
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherExceptionException@8ThrowUser
                                                                                                                                                                    • String ID: TwB$t2B
                                                                                                                                                                    • API String ID: 2513928553-2011736226
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0040014D,?,00000050,?,?,?,?,?), ref: 003FFFCD
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                    • API String ID: 0-711371036
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002F5065
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: Day of month is not valid for year$zo/
                                                                                                                                                                    • API String ID: 2659868963-580808045
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetLastError.KERNEL32(06E5DBC0,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00376357
                                                                                                                                                                      • Part of subcall function 00372720: __Init_thread_footer.LIBCMT ref: 00372783
                                                                                                                                                                      • Part of subcall function 00374050: ___std_exception_copy.LIBVCRUNTIME ref: 003740A7
                                                                                                                                                                      • Part of subcall function 00374050: new.LIBCMT ref: 003740FE
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 003763E3
                                                                                                                                                                      • Part of subcall function 003D83E3: KiUserExceptionDispatcher.NTDLL(?,?,?,0035BA94,?,?,?,?,?,?,?,?,0035BA94,?,0044A374), ref: 003D8442
                                                                                                                                                                    Strings
                                                                                                                                                                    • boost::filesystem::status, xrefs: 003763B4
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: DispatcherErrorExceptionException@8Init_thread_footerLastThrowUser___std_exception_copy
                                                                                                                                                                    • String ID: boost::filesystem::status
                                                                                                                                                                    • API String ID: 1779292212-3746320807
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___from_strstr_to_strchr.LIBCMT ref: 003415CF
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___from_strstr_to_strchr
                                                                                                                                                                    • String ID: .$0123456789
                                                                                                                                                                    • API String ID: 601868998-4187921772
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00302AFE
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: r(0$t?F
                                                                                                                                                                    • API String ID: 1385522511-395057117
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002ED0EC
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 0031359C
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Getcvt
                                                                                                                                                                    • String ID: L6C
                                                                                                                                                                    • API String ID: 1921796781-3758632169
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetFileAttributesExW.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,0038B6E9,?,00000000,06E5DBC0), ref: 00375A5C
                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,0038B6E9,?,00000000,06E5DBC0), ref: 00375A66
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                    • String ID: boost::filesystem::file_size
                                                                                                                                                                    • API String ID: 1799206407-1937220381
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002EC653
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2BHI@
                                                                                                                                                                    • API String ID: 2659868963-2780465344
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002EC833
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2BFH@
                                                                                                                                                                    • API String ID: 2659868963-3057620107
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002FA953
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-3608660662
                                                                                                                                                                    • Opcode ID: c0737f87c4c7d9ca8492491d54185ab55a402746a60cd44a4ebd6b4d263dc475
                                                                                                                                                                    • Instruction ID: ff027a03cc017c0ba1c6631588c586b7386df77853992d887289510070a70fde
                                                                                                                                                                    • Opcode Fuzzy Hash: c0737f87c4c7d9ca8492491d54185ab55a402746a60cd44a4ebd6b4d263dc475
                                                                                                                                                                    • Instruction Fuzzy Hash: 362135B5A10619EFC711CF59D880A5AFBF8FB09720B50C66BE829DB701D3B4A9148F90
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00328A23
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-3608660662
                                                                                                                                                                    • Opcode ID: 8dd31e8e3a5a59472d568abc54ed8b2f5ba62621a946888b98e0f8b9fd666ed6
                                                                                                                                                                    • Instruction ID: 2279b545b064442b657e11159edea26a864c058c74af3f0b313d40e5bc6f0a8f
                                                                                                                                                                    • Opcode Fuzzy Hash: 8dd31e8e3a5a59472d568abc54ed8b2f5ba62621a946888b98e0f8b9fd666ed6
                                                                                                                                                                    • Instruction Fuzzy Hash: 1C2137B5A00625DFCB10CF59E880A56FBF8FB49720B50C66BE8199B601D774E9048B94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002FAB33
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-3608660662
                                                                                                                                                                    • Opcode ID: f1bf220d93006dabf301198e1840af8fc10d8a7f63534ae36a2fdf227b732382
                                                                                                                                                                    • Instruction ID: 1e0c146e9f51f963f59db34c94dcdec7e7582333003606dbf3783704c3f9faa1
                                                                                                                                                                    • Opcode Fuzzy Hash: f1bf220d93006dabf301198e1840af8fc10d8a7f63534ae36a2fdf227b732382
                                                                                                                                                                    • Instruction Fuzzy Hash: 112149B5A10619EFC710CF59D880A56FBF8FB09720B50C66BE819DB700D374E914CBA4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002FAD13
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-3608660662
                                                                                                                                                                    • Opcode ID: 24c7af99701fff67c3e511e686c9ff75149a88fdc9b3ca321819b858f6fbfe59
                                                                                                                                                                    • Instruction ID: e889b4d56c7a03a3fecfcb4c85f676e0e6e218ac3e46ffef6fa55cac86a292b6
                                                                                                                                                                    • Opcode Fuzzy Hash: 24c7af99701fff67c3e511e686c9ff75149a88fdc9b3ca321819b858f6fbfe59
                                                                                                                                                                    • Instruction Fuzzy Hash: E12168B5A00619EFC710CF19D880A56FBF8FB09320B50C66BE819DBB00D374E9148F94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 00312F63
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 2659868963-3608660662
                                                                                                                                                                    • Opcode ID: d9c3f54e9aad0e2ac53b0e37b04efaaf446896067426edd25551678465877d59
                                                                                                                                                                    • Instruction ID: fcc4c4f1087326c26ecd3f9ad19d0469690e2fb1336923a791f7bb146b73e1ee
                                                                                                                                                                    • Opcode Fuzzy Hash: d9c3f54e9aad0e2ac53b0e37b04efaaf446896067426edd25551678465877d59
                                                                                                                                                                    • Instruction Fuzzy Hash: 082134B5A00615DFC710CF59D880A56FBF8FB49720B51C66AE8199BA00D374E9548B94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 002EB390: std::ios_base::_Addstd.LIBCPMT ref: 002EB3D2
                                                                                                                                                                      • Part of subcall function 002EAC10: new.LIBCMT ref: 002EAC3E
                                                                                                                                                                      • Part of subcall function 002EAC10: std::locale::_Init.LIBCPMT ref: 002EAC55
                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00391D9D
                                                                                                                                                                      • Part of subcall function 0035C306: std::ios_base::_Tidy.LIBCPMT ref: 0035C326
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::ios_base::_$AddstdInitIos_base_dtorTidystd::locale::_
                                                                                                                                                                    • String ID: H$HEB
                                                                                                                                                                    • API String ID: 2217990145-3936656248
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp Download File
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp Download File
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Getctype
                                                                                                                                                                    • String ID: L6C
                                                                                                                                                                    • API String ID: 2085600672-3758632169
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00375A00
                                                                                                                                                                      • Part of subcall function 00372720: __Init_thread_footer.LIBCMT ref: 00372783
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Exception@8Init_thread_footerThrow
                                                                                                                                                                    • String ID: _K7$_K7
                                                                                                                                                                    • API String ID: 3881679518-3723475516
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • new.LIBCMT ref: 002EAC3E
                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 002EAC55
                                                                                                                                                                      • Part of subcall function 0035BDD1: __EH_prolog3.LIBCMT ref: 0035BDD8
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::_Lockit::_Lockit.LIBCPMT ref: 0035BDE3
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0035BDF6
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::locale::_Setgloballocale.LIBCPMT ref: 0035BDFE
                                                                                                                                                                      • Part of subcall function 0035BDD1: _Yarn.LIBCPMT ref: 0035BE14
                                                                                                                                                                      • Part of subcall function 0035BDD1: std::_Lockit::~_Lockit.LIBCPMT ref: 0035BE52
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: std::locale::_$Lockitstd::_$H_prolog3InitLocimpLocimp::_Lockit::_Lockit::~_New_SetgloballocaleYarn
                                                                                                                                                                    • String ID: z.
                                                                                                                                                                    • API String ID: 2548088810-3979806767
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0038C361
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: $3F$03F
                                                                                                                                                                    • API String ID: 1385522511-2469152375
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0037E551
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer
                                                                                                                                                                    • String ID: <2F$H2F
                                                                                                                                                                    • API String ID: 1385522511-1337479122
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002FB417
                                                                                                                                                                    Strings
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    • Opcode ID: 0d3d71add220291dc23f1877d9ecae12c228386e41116a5333bd51ac69cd69ac
                                                                                                                                                                    • Instruction ID: 6f8c02df428b7f63b25135c9606de789205ddd85cd73dd613de04187d0130571
                                                                                                                                                                    • Opcode Fuzzy Hash: 0d3d71add220291dc23f1877d9ecae12c228386e41116a5333bd51ac69cd69ac
                                                                                                                                                                    • Instruction Fuzzy Hash: C61106B1B00A15ABC711DF04E900B25F7A8FB44B60F50C26AD5255B781D779A9148F94
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002FB777
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    • Opcode ID: dc25404b0ca0e95cfc6547b62f770466a5567bc03e13ccbbd318305388df82bb
                                                                                                                                                                    • Instruction ID: fa1ec85a177cf49a9fb0b5ae661d562ae0bbc5a08aec61d7e53c407f979d2aaf
                                                                                                                                                                    • Opcode Fuzzy Hash: dc25404b0ca0e95cfc6547b62f770466a5567bc03e13ccbbd318305388df82bb
                                                                                                                                                                    • Instruction Fuzzy Hash: 511102B2B04B15ABC711EF14D901B5AF7A8FB84B20F50C22AE5215B781E779E9108F84
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 00328D67
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    • Opcode ID: 2f421840cc0a44f3b0cb240eef5927212da687c4be7a1cf4928688fa695169c7
                                                                                                                                                                    • Instruction ID: ff1988da3d4af58a20793039daf4f844059284fbeacd12fdb259aa746e728243
                                                                                                                                                                    • Opcode Fuzzy Hash: 2f421840cc0a44f3b0cb240eef5927212da687c4be7a1cf4928688fa695169c7
                                                                                                                                                                    • Instruction Fuzzy Hash: EB1106B1A02A219BC711CF04E800B05F7A8FB45720F51C62BE4259B7C0DB79E9048F98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002ECEA7
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    • Opcode ID: 53d971a6d472e44505b0f867cb87887e62c939d6b83e2695c1d160ec3f490415
                                                                                                                                                                    • Instruction ID: 784b15748abc9434914c1bdd12f08cbabb27c6f415e3b732412f43232d322678
                                                                                                                                                                    • Opcode Fuzzy Hash: 53d971a6d472e44505b0f867cb87887e62c939d6b83e2695c1d160ec3f490415
                                                                                                                                                                    • Instruction Fuzzy Hash: 911102B1A00A51ABC715DF45D800B59F7A8FB44B20FA4CB5AE4215B780E779AA148F98
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_destroy.LIBVCRUNTIME ref: 002E7C5A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_destroy
                                                                                                                                                                    • String ID: dPB$l2B
                                                                                                                                                                    • API String ID: 4194217158-3608660662
                                                                                                                                                                    • Opcode ID: 0d474f77b71adde318644e3d795c3c6b4d1958f8da8d0a538a8bccf3bd976171
                                                                                                                                                                    • Instruction ID: 882ee454ab6fe79e1099423e24214b4352a6660055ae4a3453d50deec877f95d
                                                                                                                                                                    • Opcode Fuzzy Hash: 0d474f77b71adde318644e3d795c3c6b4d1958f8da8d0a538a8bccf3bd976171
                                                                                                                                                                    • Instruction Fuzzy Hash: 030126B1A44B519BC710CF15E800B5AB7A8FB44B20F60832BE4259B7C0E73AED108BD4
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 0037B920: GetProcessHeap.KERNEL32(00000000,00000004,06E5DBC0,000000FF,?,0037C812), ref: 0037B949
                                                                                                                                                                      • Part of subcall function 0037B920: HeapAlloc.KERNEL32(00000000,?,0037C812), ref: 0037B950
                                                                                                                                                                      • Part of subcall function 0037B880: new.LIBCMT ref: 0037B8BA
                                                                                                                                                                      • Part of subcall function 00372A71: __onexit.LIBCMT ref: 00372A77
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 0037C843
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$AllocInit_thread_footerProcess__onexit
                                                                                                                                                                    • String ID: $2F$(2F
                                                                                                                                                                    • API String ID: 644686530-1398691419
                                                                                                                                                                    • Opcode ID: a749b475267f87b6b9eb564ba0082db941fd2d1921aef61757e7456e916ad6ed
                                                                                                                                                                    • Instruction ID: d19cbb524ad10e9d3c04b08d01fd295b5d76c2630737d4b942315b992d58424b
                                                                                                                                                                    • Opcode Fuzzy Hash: a749b475267f87b6b9eb564ba0082db941fd2d1921aef61757e7456e916ad6ed
                                                                                                                                                                    • Instruction Fuzzy Hash: EC114871D40580EBC721DF58EC12F95B7A8EB09B11F00867AF81997380E778AA00CA5A
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                      • Part of subcall function 00372A71: __onexit.LIBCMT ref: 00372A77
                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 003772E9
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    • Associated: 00000001.00000002.579223434.00000000002E0000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581045545.0000000000418000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581395913.000000000045A000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581425946.000000000045C000.00000008.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581565795.0000000000462000.00000004.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581609481.0000000000465000.00000002.00020000.sdmp
                                                                                                                                                                    • Associated: 00000001.00000002.581935120.0000000000467000.00000002.00020000.sdmp
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Init_thread_footer__onexit
                                                                                                                                                                    • String ID: 1F$1F
                                                                                                                                                                    • API String ID: 1881088180-2431436261
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • ___std_exception_copy.LIBVCRUNTIME ref: 002F445A
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ___std_exception_copy
                                                                                                                                                                    • String ID: $2C$6{.
                                                                                                                                                                    • API String ID: 2659868963-4023667319
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 003FAAC1
                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 003FAACF
                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,?,00000000,?,00000000), ref: 003FAB2A
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 1717984340-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,74B05520), ref: 00370C35
                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00370C42
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,0040C324,?,00000000,?,?,?,?,?,?,?,?,00000000,0040C324,000000FF), ref: 00370C75
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,00000000,0040C324,000000FF), ref: 00370C7C
                                                                                                                                                                      • Part of subcall function 00370FF0: GetProcessHeap.KERNEL32(00000000,0040C3D6,?,?,0040C3D6,000000FF), ref: 00371052
                                                                                                                                                                      • Part of subcall function 00370FF0: HeapFree.KERNEL32(00000000,?,?,0040C3D6,000000FF), ref: 00371059
                                                                                                                                                                      • Part of subcall function 00370850: TlsGetValue.KERNEL32(0000001C,06E5DBC0,74B05520,0040C324), ref: 003708BD
                                                                                                                                                                      • Part of subcall function 00370850: CreateWaitableTimerA.KERNEL32(00000000,00000000,00000000), ref: 0037091E
                                                                                                                                                                      • Part of subcall function 00370850: GetModuleHandleA.KERNEL32(KERNEL32.DLL,SetWaitableTimerEx), ref: 00370968
                                                                                                                                                                      • Part of subcall function 00370850: GetProcAddress.KERNEL32(00000000), ref: 0037096F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$FreeProcess$AddressCreateHandleModuleProcTimerValueWaitable
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 79733456-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                    APIs
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,002E3FC8,?,00000008,00000000,0040F42C,000000FF,?,002E3FC8,06E5DBC0), ref: 00370CF9
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000008,00000000,0040F42C,000000FF,?,002E3FC8,06E5DBC0), ref: 00370D00
                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,002E3FC8,?,00000008,00000000,0040F42C,000000FF,?,002E3FC8,06E5DBC0), ref: 00370D38
                                                                                                                                                                    • HeapFree.KERNEL32(00000000,?,00000008,00000000,0040F42C,000000FF,?,002E3FC8,06E5DBC0), ref: 00370D3F
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.579267481.00000000002E1000.00000020.00020000.sdmp, Offset: 002E0000, based on PE: true
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_2e0000_installer.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                    Uniqueness

                                                                                                                                                                    Uniqueness Score: -1.00%